• Simple Netcat Backdoor in Python Script, (Sat, Sep 30th)

    Updated: 2023-09-30 07:03:16
    By Xavier Mertens. Why reinvent the wheel? We are all lazy and, if we have a tool that offers some interesting capabilities, why not use it? I spotted a simple malicious Python script targeting Windows hosts. The file (SHA256:d706d94981bc53ab1458519f224b9602152325fc2a18f3df9d9da8f562b99044) is flagged by 16 antivirus products on VirusTotal[1]. Nothing very exciting with the script, it's a bot that uses a Discord channel for C2 communications. Looking at the capabilities, I found an interesting function that downloads a copy of netcat from the official website unzip

  • Are You Still Storing Passwords In Plain Text Files?, (Fri, Sep 29th)

    Updated: 2023-09-29 07:35:31
    "Infostealer" malware have been in the wild for a long time now. Once the computer's victim is infected, the goal is to steal "juicy" information like passwords, cookies, screenshots, keystrokes, and more. Yesterday, I spotted an interesting sample. It's delivered through an FTP connection. The file (SHA256:2bf9a44bd546e0fd1448521669136220dc49146b0f3a5cd7863698ac79b5e778) is unknown on VirusTotal.

  • ISC Stormcast For Friday, September 29th, 2023 https://isc.sans.edu/podcastdetail/8680, (Fri, Sep 29th)

    Updated: 2023-09-29 02:15:02
    "Infostealer" malware have been in the wild for a long time now. Once the computer's victim is infected, the goal is to steal "juicy" information like passwords, cookies, screenshots, keystrokes, and more. Yesterday, I spotted an interesting sample. It's delivered through an FTP connection. The file (SHA256:2bf9a44bd546e0fd1448521669136220dc49146b0f3a5cd7863698ac79b5e778) is unknown on VirusTotal.

  • ISC Stormcast For Thursday, September 28th, 2023 https://isc.sans.edu/podcastdetail/8678, (Thu, Sep 28th)

    Updated: 2023-09-28 02:00:02
    If you look at the XML EventData of Windows events like 1002 (DHCP error), you will see something like this:

  • ISC Stormcast For Wednesday, September 27th, 2023 https://isc.sans.edu/podcastdetail/8676, (Wed, Sep 27th)

    Updated: 2023-09-27 02:00:02
    If you look at the XML EventData of Windows events like 1002 (DHCP error), you will see something like this:

  • ISC Stormcast For Tuesday, September 26th, 2023 https://isc.sans.edu/podcastdetail/8674, (Tue, Sep 26th)

    Updated: 2023-09-26 00:10:02
    As expected, Apple today released macOS Sonoma (14.0). This update, in addition to new features, provides patches for about 60 different vulnerabilities. Older MacOS versions received updates addressing these vulnerabilities last week with the MacOS 13.6. When these updates were released, the security content was not made public, but with today's release of macOS 14, Apple revealed the security content of these prior updates.

  • ISC Stormcast For Monday, September 25th, 2023 https://isc.sans.edu/podcastdetail/8672, (Mon, Sep 25th)

    Updated: 2023-09-25 02:00:02
    Last week, I came across an interesting phishing e-mail, in which a text written in a font with zero-pixel size was used in quite a novel way.
