malware   13016


UXProtect
UXProtect is an XProtect exploration tool created by Digita Security. The goal of the tool is to highlight and extend the capabilities of XProtect for research and educational purposes.
mac  macos  netsec  infosec  research  antivirus  malware 
14 hours ago by agius
InfoSec Handlers Diary Blog - Analyzing MSI files
MSI files are Composite Document Files, or as I like to call them, OLE files. MSI files can be inspected with tools that handle OLE files, like 7-Zip, oletools, oledump.
developed a new oledump plugin, plugin_msi, to decode MSI stream names, and also provide info like the header (ASCII) and MD5 hash of the streams...name of stream 5 (Binary.bz.CustomActionDll) is a good indicator that the embedded PE file is a DLL. This can be confirmed by inspecting the embedded PE file, with a tool like pecheck.
msi  cybersecurity  malware  tools  signature  sans 
yesterday by bwiese
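The diary above relies on two things a plugin has to do for MSI files: undo the stream-name encoding that Windows Installer applies inside the OLE container, and confirm from the PE header (not just the stream name) whether an embedded binary is a DLL. The block below is an added example written for this page; it is not plugin_msi or any other oledump code. The name encoding (64-symbol alphabet packed into U+3800..U+4840, table streams prefixed with U+4840) follows the scheme reimplemented in Wine and msitools; showing the table prefix as "!" is a display convention assumed here. The fake PE image is constructed inline, is not executable, and only sets the fields the check reads.

```python
import hashlib
import struct

# Windows Installer stores stream names with a 64-symbol alphabet packed into
# the Unicode range U+3800..U+4840. One 16-bit unit holds two symbols
# (0x3800 + first + (second << 6)) or one symbol (0x4800 + symbol).
MSI_ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz._"
TABLE_PREFIX = "\u4840"      # marks a database table stream
TABLE_DISPLAY = "!"          # how the prefix is rendered here (assumed convention)
IMAGE_FILE_DLL = 0x2000      # COFF Characteristics flag


def encode_stream_name(name: str, table: bool = False) -> str:
    """Encode a human-readable stream name the way the MSI container stores it."""
    out = TABLE_PREFIX if table else ""
    i = 0
    while i < len(name):
        c1 = MSI_ALPHABET.find(name[i])
        if c1 < 0:                       # not in the alphabet: stored literally
            out += name[i]
            i += 1
            continue
        if i + 1 < len(name):
            c2 = MSI_ALPHABET.find(name[i + 1])
            if c2 >= 0:                  # pack two symbols into one unit
                out += chr(0x3800 + c1 + (c2 << 6))
                i += 2
                continue
        out += chr(0x4800 + c1)          # single trailing symbol
        i += 1
    return out


def decode_stream_name(encoded: str) -> str:
    """Reverse the encoding; characters outside the packed range pass through."""
    out = ""
    for ch in encoded:
        v = ord(ch)
        if v == 0x4840:
            out += TABLE_DISPLAY
        elif 0x4800 <= v < 0x4840:
            out += MSI_ALPHABET[v - 0x4800]
        elif 0x3800 <= v < 0x4800:
            v -= 0x3800
            out += MSI_ALPHABET[v & 0x3F] + MSI_ALPHABET[(v >> 6) & 0x3F]
        else:
            out += ch
    return out


def pe_kind(data: bytes):
    """Return "DLL" or "EXE" from the COFF Characteristics field, None if not a PE."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # COFF header: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2)
    # Characteristics(2)  -> Characteristics sits 22 bytes after "PE\0\0".
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < e_lfanew + 24:
        return None
    characteristics = struct.unpack_from("<H", data, e_lfanew + 22)[0]
    return "DLL" if characteristics & IMAGE_FILE_DLL else "EXE"


def stream_summary(encoded_name: str, data: bytes) -> dict:
    """Per-stream report: decoded name, size, first bytes, MD5 and PE type."""
    return {
        "name": decode_stream_name(encoded_name),
        "size": len(data),
        "header": data[:4],
        "md5": hashlib.md5(data).hexdigest(),
        "pe": pe_kind(data),
    }


def fake_pe(is_dll: bool) -> bytes:
    """Constructed stand-in for an embedded PE: DOS header with e_lfanew=0x40
    followed by a bare COFF header. Not executable; only the checked fields are set."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)
    chars = 0x0102 | (IMAGE_FILE_DLL if is_dll else 0)   # EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, chars)
    return dos + coff


if __name__ == "__main__":
    name = encode_stream_name("Binary.bz.CustomActionDll")
    print(stream_summary(name, fake_pe(True)))
    print(decode_stream_name(encode_stream_name("_StringData", table=True)))
```

The name alone is only a hint: a custom-action stream can carry an EXE, a VBScript, or anything else, so the Characteristics check (or a full parse with pecheck, as the diary does) is what actually settles it.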
Finding VBA signatures in Word documents - SANS Internet Storm Center
UNICODE strings SigAgile and Sign start the digital signature in binary Word documents
cybersecurity  doc  malware  signature  yara 
yesterday by bwiese
An autograph from the Dridex gang - SANS Internet Storm Center
As happens often now, the PDF does not contain malicious code, just a malicious link. This URL can be detected and extracted with pdfid and pdf-parser:
plugin_vba_summary, we can produce a report summarizing the VBA code used in this malicious Word document:
sans  cybersecurity  pdf  malware  signature 
yesterday by bwiese
Twitter
. It’s now the most common tool for data-theft attacks against organizations. Learn common evasion techniqu…
Malware  from twitter_favs
6 days ago by jasonquinlan
Deciphering Malware’s use of TLS (without Decryption)
1) Flow Metadata - inbound bytes, outbound bytes, inbound packets, outbound packets; the source and destination ports; and the total duration of the flow in seconds
2) Sequence of Packet Lengths and Times - sequence of packet lengths and packet inter-arrival times (SPLT) has been well studied [25], [39]. In our open source implementation, the SPLT elements are collected for the first 50 packets of a flow. Zero-length payloads (such as ACKs) and retransmissions are ignored. A Markov chain representation is used to model the SPLT data
3) Byte Distribution - the byte distribution can give information about the header-to-payload ratios, the composition of the application headers, and if any poorly implemented padding is added.
4) Unencrypted TLS Header Information - TLS version, the ordered list of offered ciphersuites, and the list of supported TLS extensions are collected from the client hello message. The selected ciphersuite and selected TLS extensions are collected from the server hello message. The server's certificate is collected from the certificate message. The client's public key length is collected from the client key exchange message, and is the length of the RSA ciphertext or DH/ECDH public key, depending on the ciphersuite. Similar to the sequence of packet lengths and times, the sequence of record lengths, times, and types is collected from TLS sessions
tls  malware  cisco  machinelearning  research 
7 days ago by bwiese
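Three of the four feature groups in the excerpt above can be computed from a capture without touching any key material: the SPLT Markov model, the byte distribution, and the plaintext ClientHello fields. The block below is an added example written for this page, not the Cisco/Joy implementation the paper refers to. The ClientHello it parses is constructed inline (TLS 1.2 layout, no padding or GREASE), and the binning used for the Markov chain (10 bins of 150 bytes over payload length) is my assumption about a sensible discretisation, not a value taken from the paper.

```python
import struct
from collections import Counter


def parse_client_hello(record: bytes) -> dict:
    """Extract the unencrypted ClientHello fields: versions, offered cipher
    suites in order, and the list of extension types."""
    ctype, record_version, rlen = struct.unpack_from("!BHH", record, 0)
    if ctype != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + rlen]
    if body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hlen = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hlen]
    pos = 0
    client_version = struct.unpack_from("!H", hello, pos)[0]
    pos += 2 + 32                                  # version, 32-byte random
    pos += 1 + hello[pos]                          # session id
    cs_len = struct.unpack_from("!H", hello, pos)[0]
    pos += 2
    suites = [struct.unpack_from("!H", hello, pos + i)[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + hello[pos]                          # compression methods
    extensions = []
    if pos + 2 <= len(hello):
        ext_len = struct.unpack_from("!H", hello, pos)[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", hello, pos)
            pos += 4 + elen
            extensions.append(etype)
    return {"record_version": record_version, "client_version": client_version,
            "cipher_suites": suites, "extensions": extensions}


def build_client_hello(suites, extensions, version=0x0303) -> bytes:
    """Constructed ClientHello record for the example (zeroed random, empty session id)."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00"
    hello += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    hello += b"\x01\x00"                           # one compression method: null
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    hello += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, 0x0301, len(handshake)) + handshake


def splt_markov(packets, max_packets=50, length_bin=150, nbins=10):
    """Row-normalised transition matrix over payload-length bins for the first
    max_packets data-carrying packets. packets: (direction, payload_len) pairs;
    zero-length payloads (pure ACKs) are dropped as in the paper."""
    lengths = [n for _, n in packets if n > 0][:max_packets]
    bins = [min(n // length_bin, nbins - 1) for n in lengths]
    counts = [[0] * nbins for _ in range(nbins)]
    for a, b in zip(bins, bins[1:]):
        counts[a][b] += 1
    matrix = []
    for row in counts:
        total = sum(row)
        matrix.append([c / total if total else 0.0 for c in row])
    return matrix


def byte_distribution(payload: bytes):
    """Relative frequency of each byte value over the flow's payload bytes."""
    counts = Counter(payload)
    return [counts.get(b, 0) / len(payload) for b in range(256)] if payload else [0.0] * 256


# Constructed sample input: a short flow and a ClientHello offering three suites
# with SNI (0x0000) and supported_groups (0x000A) extensions.
SAMPLE_FLOW = [(0, 200), (1, 0), (1, 1400), (0, 50), (0, 0), (1, 1400)]
SAMPLE_HELLO = build_client_hello(
    [0xC02F, 0xC030, 0x002F],
    [(0x0000, b"\x00\x0c\x00\x00\x09localhost"), (0x000A, b"\x00\x04\x00\x17\x00\x18")],
)

if __name__ == "__main__":
    print(parse_client_hello(SAMPLE_HELLO))
    print(splt_markov(SAMPLE_FLOW))
```

The ordered suite list and extension list are what fingerprinting schemes hash; the Markov matrix and byte distribution are the inputs the paper feeds to its classifier alongside the flow metadata.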
