Tag Archives: SANS

Show me All Your Windows!, (Fri, Aug 11th)

This post was originally published on this site

It is a key point for attackers to implement anti-debugging and anti-analysis techniques. Anti-debugging means the malware tries to detect whether it is being debugged (executed in a debugger, or running slower than expected). Anti-analysis refers to techniques that detect whether the malware is being detonated in a sandbox or examined by a malware analyst. In such cases, tools run in parallel with the malware to collect live data (packets, API calls, files, or registry activity).

Are Leaked Credentials Dumps Used by Attackers?, (Fri, Aug 4th)


Leaked credentials have been a common topic for a while. Popular services like “Have I Been Pwned”[1] help everyone find out whether their email addresses and passwords have been leaked. This is a classic problem: one day, you create an account on a website (e.g. an online shop), and later that website is compromised. All credentials are collected and shared by the attacker. To reduce this risk, a best practice is to avoid password re-use (and to not use your corporate email address for non-business-related purposes).

Do Attackers Pay More Attention to IPv6?, (Sat, Jul 29th)


IPv6 has always been a hot topic! Available for years, it has been deployed by many ISPs all the way to their residential customers. In Belgium, we were for a long time the number-one country for IPv6 deployment because all the big players provided IPv6 connectivity. In today's operating systems, IPv6 is used first if your computer sees "RA" packets (for "router advertisement" [1]) and can obtain an IPv6 address. This is completely transparent, which is why many people think they don't use IPv6 when in fact they do!

Suspicious IP Addresses Avoided by Malware Samples, (Wed, Jul 26th)


Modern malware samples implement a lot of anti-debugging and anti-analysis techniques. The idea is to slow down the malware analyst's job or, more simply, to bypass security solutions such as sandboxes. These days, I see more and more malware samples written in Python that have these capabilities built in. One of them is the detection of “suspicious” IP addresses.