Decrypting Cobalt Strike Traffic With a "Leaked" Private Key, (Mon, Oct 25th)

Cobalt Strike C2 traffic is encrypted with AES. The AES key is randomly generated by the beacon, and communicated to the team server via RSA encrypted metadata. The beacon contains the public RSA key, and the team server the private RSA key.

14h

ISC Stormcast For Monday, October 25th, 2021 https://isc.sans.edu/podcastdetail.html?id=7726, (Mon, Oct 25th)

19h

Phishing ZIP With Malformed Filename, (Sun, Oct 24th)

The output of my zipdump.py tool analyzing diary entry "Reader Malware: ZIP/HTML Phish" ZIP file is a bit strange:

1d

Reader Malware: ZIP/HTML Phish, (Sat, Oct 23rd)

Reader Henry submitted a malicious email attachment: a ZIP file.

1d

YARA Release v4.1.3, (Sat, Oct 23rd)

This new release of YARA is just a bug fix release.

2d

October 2021 Contest: Forensic Challenge, (Fri, Oct 22nd)

Introduction

2d

ISC Stormcast For Friday, October 22nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7724, (Fri, Oct 22nd)

3d

ISC Stormcast For Thursday, October 21st, 2021 https://isc.sans.edu/podcastdetail.html?id=7722, (Thu, Oct 21st)

4d

"Stolen Images Evidence" campaign pushes Sliver-based malware, (Thu, Oct 21st)

Introduction

4d

Thanks to COVID-19, New Types of Documents are Lost in The Wild, (Wed, Oct 20th)

In many countries, citizens are vaccinated and authorities are now implementing new rules when you need to attend some events or travels. For example, in Brussel (BE), you must prove that you're completely vaccinated by showing your "COVID Safe Ticket" to go to a restaurant or a bar. The document name changes across countries but it's basically the...

5d