In my previous diary[1], I explained why Python became popular for attackers. One of the given reasons was that, from Python scripts, it's possible to call any Windows API and, therefore, perform low-level activities on the system. In another script,…
Category: SANS Internet Storm Center, InfoCON: green
ISC Stormcast For Thursday, August 29th, 2024 https://isc.sans.edu/podcastdetail/9118, (Thu, Aug 29th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, August 29th, 2024…
ISC Stormcast For Wednesday, August 28th, 2024 https://isc.sans.edu/podcastdetail/9116, (Wed, Aug 28th)
Vega-Lite with Kibana to Parse and Display IP Activity over Time, (Tue, Aug 27th)
I have been curious for a while looking at Kibana's Vega log parsing options to try to come up with displays and layouts that aren't standard in Kibana. A lot of the potential layouts already exist in Kibana but some…
Why Is Python so Popular to Infect Windows Hosts?, (Tue, Aug 27th)
It has been a while since I started to track how Python is used in the Windows ecosystem[1]. Almost every day I find new pieces of malicious Python scripts. The programming language itself is not malicious. There are plenty of…
ISC Stormcast For Tuesday, August 27th, 2024 https://isc.sans.edu/podcastdetail/9114, (Tue, Aug 27th)
From Highly Obfuscated Batch File to XWorm and Redline, (Mon, Aug 26th)
If you follow my diaries, you probably already know that one of my favorite topics around malware is obfuscation. I'm often impressed by the crazy techniques attackers use to make reverse engineers' lives more difficult. Last week, I spotted a…
ISC Stormcast For Monday, August 26th, 2024 https://isc.sans.edu/podcastdetail/9112, (Mon, Aug 26th)
Pandas Errors: What encoding are my logs in?, (Fri, Aug 23rd)
While trying to process some of my honeypot data, I ran into the following error in my Python script: …
ISC Stormcast For Friday, August 23rd, 2024 https://isc.sans.edu/podcastdetail/9110, (Fri, Aug 23rd)