Investigation into interesting Snort signatures uncovered XSS with anti-analysis code.
UPX packed ELF file with the “p_info” section replaced with zeros.
Analysis of malicious VBA code from Emotet Maldoc containing PowerShell downloader.
Review of recent Emotet Maldoc obfuscation & evasion techniques
ISC Handler Didier Steven has created numerous tools for analyzing ole files.
The Emotet Malware Delivery Botnet is utilizing a combination of obfuscated VBA scripts, macros, and powershell instructions to evade antivirus defenses while relying on social engineering in order to successfully exploit target systems as user intervention is mandatory in the
Malicious PHP upload attempts have been ramping up over the past week. I am beginning to wonder if we are starting to see some more activity from botnets, possibly related to recent DSL & GPON exploit attempts (D-Link & DSL-2750B).
I thought about writing up a short article on exploitation attempts I have been seeing in the wild. This website, services.vcodispot.com, and associated .onion versions sit behind Suricata IPS. Suricata is an open source Network Intrusion Detection System (IDS) or
This article written on Null-byte.wonderhowto, goes into detail on how Maltego could be used to launch a disinformation campaign. The write up covers watching conversations, finding key players and trending information, identifying social media channels for jamming, and sentiment analysis.