A few days ago, I wrote a diary[1] about a link file that abused the ssh.exe tool present in modern versions of Microsoft Windows. At the end, I mentioned that I will hunt for more SSH-related files/scripts. Guess what? I...
Read More
Occasionaly I decompile Python code, with decompilers written in Python. Recently I discovered...
Read More
By default, DShield Honeypots [1] collect firewall, web and cowrie (telnet/ssh) [2] data and log...
Read More
It is again the time of the year when scammers are asking to verify banking information, whether...
Read More
With the end of the year quickly approaching, it is undoubtedly a good time to take a look at what...
Read More
While most of us are preparing the switch to a new year (If it’s already the case for you: Happy...
Read More
In the cybersecurity landscape, we all need hashes! A hash is the result of applying a special...
Read MoreChristmas is at our doors and Attackers use the holiday season to deliver always more and more gifts into our mailboxes! I found this interesting file this morning: “christmas_slab.pdf.lnk”[1]. Link files (.lnk) are...
Read MoreWe do keep seeing attackers “poking around” looking for enabled development features. Developers often use these features and plugins to aid in debugging web applications. But if left behind, they may provide an...
Read MoreIt is about a week since the release of the four CUPS remote code execution vulnerabilities. After the vulnerabilities became known, I configured one of our honeypots that watches a larger set of IPs to specifically collect UDP...
Read MoreLast week, I posted a diary about suspicious Python modules. One of them was Firebase [1], the cloud service provided by Google[2]. Firebase services abused by attackers is not new, usually, it’s used to host malicious files...
Read More
A few months ago, I wrote a diary[1] about a Python script that replaced the Exodus[2] Wallet app...
Read More