#XSS Payload in #Bengali #Obfuscated
Without any further explanation - look at the code ক = '' // empty string খ = !ক + ক // "true" গ = !খ + ক // "false" ঘ = ক + {} // "[object Object]" ঙ = খ[ক++] // "t" = "true"[0] চ = খ[জ = ক] // "r" = "true"[1] ছ = ++জ + ক // 2, 3 ঝ = ঘ[জ + ছ] // "c" খ[ ঝ
Allowing #XLSM and #XLSB files ? Stop it to save your Infra
I understand that a company having legacy systems running always. But, are you permitting XLSM and XLSB filetypes ? #STOP it as fast as possible !! Following images are from a malware packer, possibly related with latest #Zloader and other infections. Credit @DissectMalwareFrom the 2nd screenshot it is clear that XLSM and
Update #Python modules #pip regularly #NotetoSelf
We update our linux boxes almost regularly, so Debian/Ubuntu user like me run apt update && apt upgrade -y regularly. But, we miss updating python library regularly which breaks a lot of python modules or make them outdated. Sharing 2 methods to do it easily with single liner.
#TA505 find subdomain to download #Dropper #Malware
So ... if you have main domain from #TA505 TTPs and want to download the dropper file from actual subdomain , following is the method So, found 2 TTPs today from twitter But, subdomains are not there. Without disturbing the poster, goto https://[DOMAIN] It will show you a certificate error page.
#Yara Rule for #TA505 Latest Campaign
rule ta505_downloader { meta: author = "Krishnendu Paul" description = "TA505 June 2020" strings: $meta_hex = "document.getElementById" $meta_app = "template.innerHTML" $meta_filetype = "iframeTemplate" $meta_b = "element.innerHTML" condition: all of ($meta_*) and filesize < 250000 }
Enable #WSL2 on #Windows10 #Note
Prerequisite Windows 10 version 2004 ( If you are not on 2004 yet, use Windows Update Assistant ) Intel Virtualization Option should be enabled in BIOS. In Command Prompt, type: dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart Then install update to its kernel
Easy #YARA Strings #Hunting for #Malware - The Lazy Man's Way
I am not your Regular #BlueTeam #YARA #Guru who is writing yara for everything everyday. But, was assigned for a task where I need to find-out a proper Yara for a specific class of new gen malwares where AV or SHA/MD5 based IOC's are not working. Even the network
[Custom #YARA ] #XLS #macro based #malware downloader using URLDownloadToFileA
Received numbers of sample submission of invoice themed XLS which are not getting detected on VT properly using any reputed Anti Virus engine. There is nothing abnormal happening except it is showing following screen when opened. Pretty unusual - huh ! So, after finding few sample which is successfully evading anti
#Twitter #Video Upload #Fix (Your Media File Could Not Be Processed)
I am not regular on #Twitter. But, sometimes I do, and today I tried to post a video in twitter. Failed ( !!? )- with an error message "Your Media File Could Not Be Processed" without further explanation what I am doing wrong ! Then I tried from my mobile as well, but