Category: SANS™ Internet Storm Center

This month, Microsoft is addressing a total of 83 vulnerabilities. Among these, 3 are classified as critical, 2 have been exploited in the wild, and another 2 have been disclosed prior to Patch Tuesday. Organizations are

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The first thing to do, when analyzing a potentially malicious PDF, is to look for the /Encrypt name as explained in diary entry Analyzing an Encrypted Phishing PDF. The second thing to do, is to look

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

In yesterday's diary entry "zipdump & Evasive ZIP Concatenation" I showed how one can inspect the PKZIP records that make up a ZIP file. My tool zipdump.py can also inspect the data of PKZIP file records,

On Friday's Stormcast, Johannes talks about Evasive ZIP Concatenation, a technique where 2 (or more) ZIP files are concatenated together to evade detection. This gives me a good opportunity to remind you that my zip analysis

The SANS Holiday Hack Challenge is open early this year:   Enjoy! :-)   Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

I found an interesting script targeting Steam users. Steam[1] is a popular digital distribution platform for purchasing, downloading, and playing video games on personal computers. The script is called "steam-account-checker" and is available in Github[2]. Its description is: steam

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.