Tag: SANS Internet Storm Center, InfoCON: green

PDF Object Streams, (Mon, Nov 11th)

The first thing to do, when analyzing a potentially malicious PDF, is to look for the /Encrypt name as explained in diary entry Analyzing an Encrypted Phishing PDF. This article has been indexed from SANS Internet Storm Center, InfoCON: green…

Read more →


zipdump & PKZIP Records, (Sun, Nov 10th)

In yesterday's diary entry “zipdump & Evasive ZIP Concatenation” I showed how one can inspect the PKZIP records that make up a ZIP file. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article:…

Read more →


zipdump & Evasive ZIP Concatenation, (Sat, Nov 9th)

On Friday's Stormcast, Johannes talks about Evasive ZIP Concatenation, a technique where 2 (or more) ZIP files are concatenated together to evade detection. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: 
zipdump…

Read more →

zipdump & PKZIP Records, (Sun, Nov 10th)

In yesterday's diary entry “zipdump & Evasive ZIP Concatenation” I showed how one can inspect the PKZIP records that make up a ZIP file. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article:…

Read more →

zipdump & Evasive ZIP Concatenation, (Sat, Nov 9th)

On Friday's Stormcast, Johannes talks about Evasive ZIP Concatenation, a technique where 2 (or more) ZIP files are concatenated together to evade detection. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: zipdump…

Read more →

Steam Account Checker Poisoned with Infostealer, (Thu, Nov 7th)

I found an interesting script targeting Steam users. Steam[1] is a popular digital distribution platform for purchasing, downloading, and playing video games on personal computers. The script is called “steam-account-checker” and is available in Github[2]. Its description is: This article…

Read more →