Internet Storm Center
Sign In
Sign Up
SANS Network Security: Las Vegas Sept 4-9.
Handler on Duty:
Jesse La Grew
Threat Level:
green
Date
Author
Title
2024-08-26
Xavier Mertens
From Highly Obfuscated Batch File to XWorm and Redline
2024-03-28
Xavier Mertens
From JavaScript to AsyncRAT
2024-03-13
Xavier Mertens
Using ChatGPT to Deobfuscate Malicious Scripts
2024-02-09
Xavier Mertens
MSIX With Heavily Obfuscated PowerShell Script
2024-01-26
Xavier Mertens
A Batch File With Multiple Payloads
2024-01-12
Xavier Mertens
One File, Two Payloads
2023-06-16
Xavier Mertens
Another RAT Delivered Through VBS
2023-06-09
Xavier Mertens
Undetected PowerShell Backdoor Disguised as a Profile File
2023-05-17
Xavier Mertens
Increase in Malicious RAR SFX files
2023-03-30
Xavier Mertens
Bypassing PowerShell Strong Obfuscation
2023-03-21
Didier Stevens
String Obfuscation: Character Pair Reversal
2023-03-18
Xavier Mertens
Old Backdoor, New Obfuscation
2023-02-10
Xavier Mertens
Obfuscated Deactivation of Script Block Logging
2023-01-25
Xavier Mertens
A First Malicious OneNote Document
2022-11-05
Guy Bruneau
Windows Malware with VHD Extension
2022-11-04
Xavier Mertens
Remcos Downloader with Unicode Obfuscation
2022-10-18
Xavier Mertens
Python Obfuscation for Dummies
2022-06-19
Didier Stevens
Video: Decoding Obfuscated BASE64 Statistically
2022-06-18
Didier Stevens
Decoding Obfuscated BASE64 Statistically
2022-06-16
Xavier Mertens
Houdini is Back Delivered Through a JavaScript Dropper
2022-06-01
Jan Kopriva
HTML phishing attachments - now with anti-analysis features
2021-11-18
Xavier Mertens
JavaScript Downloader Delivers Agent Tesla Trojan
2021-11-14
Didier Stevens
Video: Obfuscated Maldoc: Reversed BASE64
2021-09-22
Didier Stevens
An XML-Obfuscated Office Document (CVE-2021-40444)
2021-06-04
Xavier Mertens
Russian Dolls VBS Obfuscation
2021-01-04
Jan Kopriva
From a small BAT file to Mass Logger infostealer
2020-11-19
Xavier Mertens
PowerShell Dropper Delivering Formbook
2020-11-13
Xavier Mertens
Old Worm But New Obfuscation Technique
2020-11-05
Xavier Mertens
Did You Spot "Invoke-Expression"?
2020-10-14
Xavier Mertens
Nicely Obfuscated Python RAT
2020-09-04
Jan Kopriva
A blast from the past - XXEncoded VB6.0 Trojan
2020-08-19
Xavier Mertens
Example of Word Document Delivering Qakbot
2020-08-16
Didier Stevens
Small Challenge: A Simple Word Maldoc - Part 3
2020-07-08
Xavier Mertens
If You Want Something Done Right, You Have To Do It Yourself... Malware Too!
2020-04-27
Xavier Mertens
Powershell Payload Stored in a PSCredential Object
2020-04-24
Xavier Mertens
Malicious Excel With a Strong Obfuscation and Sandbox Evasion
2020-04-03
Xavier Mertens
Obfuscated with a Simple 0x0A
2020-02-22
Xavier Mertens
Simple but Efficient VBScript Obfuscation
2020-02-07
Xavier Mertens
Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript
2020-01-23
Xavier Mertens
Complex Obfuscation VS Simple Trick
2019-10-18
Xavier Mertens
Quick Malicious VBS Analysis
2019-08-09
Xavier Mertens
100% JavaScript Phishing Page
2019-07-11
Xavier Mertens
Russian Dolls Malicious Script Delivering Ursnif
2019-07-02
Xavier Mertens
Malicious Script With Multiple Payloads
2019-06-10
Xavier Mertens
Interesting JavaScript Obfuscation Example
2018-12-15
Didier Stevens
De-DOSfuscation Example
2018-12-12
Didier Stevens
Yet Another DOSfuscation Sample
2018-11-27
Xavier Mertens
More obfuscated shell scripts: Fake MacOS Flash update
2018-11-26
Xavier Mertens
Obfuscated bash script targeting QNap boxes
2018-11-16
Xavier Mertens
Basic Obfuscation With Permissive Languages
2018-11-06
Xavier Mertens
Malicious Powershell Script Dissection
2018-10-23
Xavier Mertens
Diving into Malicious AutoIT Code
2018-09-30
Didier Stevens
When DOSfuscation Helps...
2018-07-30
Didier Stevens
Malicious Word documents using DOSfuscation
2018-07-26
Xavier Mertens
Windows Batch File Deobfuscation
2018-06-18
Xavier Mertens
Malicious JavaScript Targeting Mobile Browsers
2018-05-25
Xavier Mertens
Antivirus Evasion? Easy as 1,2,3
2017-11-03
Xavier Mertens
Simple Analysis of an Obfuscated JAR File
2017-09-30
Lorna Hutcheson
Who's Borrowing your Resources?
2017-07-08
Xavier Mertens
A VBScript with Obfuscated Base64 Data
2017-06-22
Xavier Mertens
Obfuscating without XOR
2017-04-28
Xavier Mertens
Another Day, Another Obfuscation Technique
2017-04-21
Xavier Mertens
Analysis of a Maldoc with Multiple Layers of Obfuscation
2017-04-19
Xavier Mertens
Hunting for Malicious Excel Sheets
2017-03-30
Xavier Mertens
Diverting built-in features for the bad
2017-03-24
Xavier Mertens
Nicely Obfuscated JavaScript Sample
2017-03-18
Xavier Mertens
Example of Multiple Stages Dropper
2017-02-28
Xavier Mertens
Analysis of a Simple PHP Backdoor
2017-02-12
Xavier Mertens
Analysis of a Suspicious Piece of JavaScript
2016-08-28
Guy Bruneau
Spam with Obfuscated Javascript
2016-06-22
Bojan Zdrnja
Security through obscurity never works
2016-02-07
Xavier Mertens
More Malicious JavaScript Obfuscation
2016-01-15
Xavier Mertens
JavaScript Deobfuscation Tool
2013-02-08
Kevin Shortt
Is it Spam or Is it Malware?
2012-05-22
Johannes Ullrich
nmap 6 released
2012-01-03
Bojan Zdrnja
The tale of obfuscated JavaScript continues
2010-04-08
Bojan Zdrnja
JavaScript obfuscation in PDF: Sky is the limit
2010-03-05
Kyle Haugsness
Javascript obfuscators used in the wild
2009-06-30
Chris Carboni
Obfuscated Code
2009-06-30
Chris Carboni
De-Obfuscation Submissions
2009-04-07
Bojan Zdrnja
Advanced JavaScript obfuscation (or why signature scanning is a failure)
2008-09-03
Daniel Wesemann
Static analysis of Shellcode - Part 2
2008-07-14
Daniel Wesemann
Obfuscated JavaScript Redux
2008-04-06
Daniel Wesemann
Advanced obfuscated JavaScript analysis
2008-04-03
Bojan Zdrnja
Mixed (VBScript and JavaScript) obfuscation
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Contact Us
Contact Us
About Us
Handlers
About Us
Slack Channel
Mastodon
Bluesky
X
This site is powered by
your submissions
, so tell us
what you see happening