This month, Microsoft is addressing a total of 83 vulnerabilities. Among these, 3 are classified as critical, 2 have been exploited in the wild, and another 2 have been disclosed prior to Patch Tuesday. Organizations are encouraged to prioritize these…
Tag: SANS Internet Storm Center, InfoCON: green
ISC Stormcast For Tuesday, November 12th, 2024 https://isc.sans.edu/podcastdetail/9218, (Tue, Nov 12th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, November 12th, 2024…
PDF Object Streams, (Mon, Nov 11th)
The first thing to do, when analyzing a potentially malicious PDF, is to look for the /Encrypt name as explained in diary entry Analyzing an Encrypted Phishing PDF.

zipdump & PKZIP Records, (Sun, Nov 10th)
In yesterday's diary entry “zipdump & Evasive ZIP Concatenation” I showed how one can inspect the PKZIP records that make up a ZIP file.
ISC Stormcast For Monday, November 11th, 2024 https://isc.sans.edu/podcastdetail/9216, (Mon, Nov 11th)

zipdump & Evasive ZIP Concatenation, (Sat, Nov 9th)
On Friday's Stormcast, Johannes talks about Evasive ZIP Concatenation, a technique where 2 (or more) ZIP files are concatenated together to evade detection.
SANS Holiday Hack Challenge 2024, (Sat, Nov 9th)
The SANS Holiday Hack Challenge is open early this year: …
ISC Stormcast For Friday, November 8th, 2024 https://isc.sans.edu/podcastdetail/9214, (Fri, Nov 8th)
Steam Account Checker Poisoned with Infostealer, (Thu, Nov 7th)
I found an interesting script targeting Steam users. Steam[1] is a popular digital distribution platform for purchasing, downloading, and playing video games on personal computers. The script is called “steam-account-checker” and is available on GitHub[2]. Its description is: …
ISC Stormcast For Thursday, November 7th, 2024 https://isc.sans.edu/podcastdetail/9212, (Thu, Nov 7th)
[Guest Diary] Insights from August Web Traffic Surge, (Wed, Nov 6th)
[This is a Guest Diary by Trevor Coleman, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program [1].
ISC Stormcast For Wednesday, November 6th, 2024 https://isc.sans.edu/podcastdetail/9210, (Wed, Nov 6th)
Python RAT with a Nice Screensharing Feature, (Tue, Nov 5th)
While hunting, I found another interesting Python RAT in the wild. This is not brand new because the script was released two years ago[1]. The script I found is based on the same tool and still has a low VT score:…
ISC Stormcast For Tuesday, November 5th, 2024 https://isc.sans.edu/podcastdetail/9208, (Tue, Nov 5th)
Analyzing an Encrypted Phishing PDF, (Mon, Nov 4th)
Once in a while, I get a question about my pdf-parser.py tool, not able to decode strings and streams from a PDF document.
ISC Stormcast For Monday, November 4th, 2024 https://isc.sans.edu/podcastdetail/9206, (Mon, Nov 4th)
qpdf: Extracting PDF Streams, (Sat, Nov 2nd)
In diary entry “Analyzing PDF Streams” I answer a question asked by a student of Xavier: “how can you export all streams of a PDF?”. I explained how to do this with my pdf-parser.py tool.
ISC Stormcast For Thursday, October 31st, 2024 https://isc.sans.edu/podcastdetail/9204, (Thu, Oct 31st)