Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Internet Storm Center



Latest Diaries

Hancitor Maldoc Videos

Published: 2016-12-05
Last Updated: 2016-12-05 17:17:05 UTC
by Didier Stevens (Version: 1)

I produced videos for the Hancitor maldoc mentioned in this diary.

Hancitor Maldoc: Shellcode Dynamic Analysis

Hancitor maldoc: Extracting URLs

EMET vs Hancitor Maldoc

VBA Shellcode To Test EMET

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com
NVISO
