Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Xavier Mertens

Threat Level: green

Date	Author	Title
2025-03-18	Xavier Mertens	Python Bot Delivered Through DLL Side-Loading
2025-03-10	Xavier Mertens	Shellcode Encoded in UUIDs
2025-02-17	Russ McRee	ModelScan - Protection Against Model Serialization Attacks
2025-02-14	Xavier Mertens	Fake BSOD Delivered by Malicious Python Script
2025-02-06	Xavier Mertens	The Unbreakable Multi-Layer Anti-Debugging System
2025-01-29	Xavier Mertens	From PowerShell to a Python Obfuscation Race!
2025-01-28	Xavier Mertens	Fileless Python InfoStealer Targeting Exodus
2025-01-18	Jim Clausing	New tool: immutable.py
2025-01-03	Xavier Mertens	SwaetRAT Delivery Through Python
2024-12-31	Xavier Mertens	No Holiday Season for Attackers
2024-12-26	Jesse La Grew	Capturing Honeypot Data Beyond the Logs
2024-12-17	Xavier Mertens	Python Delivering AnyDesk Client as RAT
2024-11-30	Xavier Mertens	From a Regular Infostealer to its Obfuscated Version
2024-11-22	Xavier Mertens	An Infostealer Searching for « BIP-0039 » Data
2024-11-19	Xavier Mertens	Detecting the Presence of a Debugger in Linux
2024-11-07	Xavier Mertens	Steam Account Checker Poisoned with Infostealer
2024-11-05	Xavier Mertens	Python RAT with a Nice Screensharing Feature
2024-09-18	Xavier Mertens	Python Infostealer Patching Windows Exodus App
2024-09-17	Xavier Mertens	23:59, Time to Exfiltrate!
2024-09-16	Xavier Mertens	Managing PE Files With Overlays
2024-09-13	Jesse La Grew	Finding Honeypot Data Clusters Using DBSCAN: Part 2
2024-09-11	Xavier Mertens	Python Libraries Used for Malicious Purposes
2024-08-30	Jesse La Grew	Simulating Traffic With Scapy
2024-08-29	Xavier Mertens	Live Patching DLLs with Python
2024-08-27	Xavier Mertens	Why Is Python so Popular to Infect Windows Hosts?
2024-08-26	Xavier Mertens	From Highly Obfuscated Batch File to XWorm and Redline
2024-08-23	Jesse La Grew	Pandas Errors: What encoding are my logs in?
2024-08-19	Xavier Mertens	Do you Like Donuts? Here is a Donut Shellcode Delivered Through PowerShell/Python
2024-08-16	Jesse La Grew	[Guest Diary] 7 minutes and 4 steps to a quick win: A write-up on custom tools
2024-07-26	Xavier Mertens	ExelaStealer Delivered "From Russia With Love"
2024-07-24	Xavier Mertens	"Mouse Logger" Malicious Python Script
2024-07-10	Jesse La Grew	Finding Honeypot Data Clusters Using DBSCAN: Part 1
2024-06-06	Xavier Mertens	Malicious Python Script with a "Best Before" Date
2024-05-31	Xavier Mertens	"K1w1" InfoStealer Uses gofile.io for Exfiltration
2024-05-30	Xavier Mertens	Feeding MISP with OSSEC
2024-03-13	Xavier Mertens	Using ChatGPT to Deobfuscate Malicious Scripts
2024-02-20	Xavier Mertens	Python InfoStealer With Dynamic Sandbox Detection
2024-02-08	Xavier Mertens	A Python MP3 Player with Builtin Keylogger Capability
2024-01-25	Xavier Mertens	Facebook AdsManager Targeted by a Python Infostealer
2024-01-19	Xavier Mertens	macOS Python Script Replacing Wallet Applications with Rogue Apps
2024-01-17	Jesse La Grew	Number Usage in Passwords
2024-01-08	Jesse La Grew	What is that User Agent?
2023-12-23	Xavier Mertens	Python Keylogger Using Mailtrap.io
2023-12-22	Xavier Mertens	Shall We Play a Game?
2023-12-16	Xavier Mertens	An Example of RocketMQ Exploit Scanner
2023-11-20	Jesse La Grew	Overflowing Web Honeypot Logs
2023-10-31	Xavier Mertens	Multiple Layers of Anti-Sandboxing Techniques
2023-09-30	Xavier Mertens	Simple Netcat Backdoor in Python Script
2023-08-25	Xavier Mertens	Python Malware Using Postgresql for C2 Communications
2023-08-23	Guy Bruneau	How I made a qwerty ?keyboard walk? password generator with ChatGPT [Guest Diary]
2023-08-22	Xavier Mertens	Have You Ever Heard of the Fernet Encryption Algorithm?
2023-08-17	Jesse La Grew	Command Line Parsing - Are These Really Unique Strings?
2023-08-11	Xavier Mertens	Show me All Your Windows!
2023-07-28	Xavier Mertens	ShellCode Hidden with Steganography
2023-06-20	Xavier Mertens	Malicious Code Can Be Anywhere
2023-04-28	Xavier Mertens	Quick IOC Scan With Docker
2023-03-18	Xavier Mertens	Old Backdoor, New Obfuscation
2023-03-11	Xavier Mertens	Overview of a Mirai Payload Generator
2023-03-01	Xavier Mertens	Python Infostealer Targeting Gamers
2023-02-09	Xavier Mertens	A Backdoor with Smart Screenshot Capability
2022-11-14	Jesse La Grew	Extracting 'HTTP CONNECT' Requests with Python
2022-10-24	Xavier Mertens	C2 Communications Through outlook.com
2022-10-18	Xavier Mertens	Python Obfuscation for Dummies
2022-09-26	Xavier Mertens	Easy Python Sandbox Detection
2022-09-14	Xavier Mertens	Easy Process Injection within Python
2022-08-19	Johannes Ullrich	Windows Security Blocks UPX Compressed (packed) Binaries
2022-08-18	Johannes Ullrich	Honeypot Attack Summaries with Python
2022-07-20	Xavier Mertens	Malicious Python Script Behaving Like a Rubber Ducky
2022-06-24	Xavier Mertens	Python (ab)using The Windows GUI
2022-05-24	Yee Ching Tok	ctx Python Library Updated with "Extra" Features
2022-04-21	Xavier Mertens	Multi-Cryptocurrency Clipboard Swapper
2022-01-20	Xavier Mertens	RedLine Stealer Delivered Through FTP
2022-01-07	Xavier Mertens	Custom Python RAT Builder
2022-01-06	Xavier Mertens	Malicious Python Script Targeting Chinese People
2021-12-10	Xavier Mertens	Python Shellcode Injection From JSON Data
2021-12-01	Xavier Mertens	Info-Stealer Using webhook.site to Exfiltrate Data
2021-08-30	Xavier Mertens	Cryptocurrency Clipboard Swapper Delivered With Love
2021-07-16	Xavier Mertens	Multiple BaseXX Obfuscations
2021-07-08	Xavier Mertens	Using Sudo with Python For More Security Controls
2021-07-06	Xavier Mertens	Python DLL Injection Check
2021-07-02	Xavier Mertens	"inception.py"... Multiple Base64 Encodings
2021-06-11	Xavier Mertens	Keeping an Eye on Dangerous Python Modules
2021-05-31	Rick Wanner	Quick and dirty Python: nmap
2021-05-04	Rick Wanner	Quick and dirty Python: masscan
2021-04-29	Xavier Mertens	From Python to .Net
2021-04-09	Xavier Mertens	No Python Interpreter? This Simple RAT Installs Its Own Copy
2021-04-02	Xavier Mertens	C2 Activity: Sandboxes or Real Victims?
2021-03-18	Xavier Mertens	Simple Python Keylogger
2020-12-10	Xavier Mertens	Python Backdoor Talking to a C2 Through Ngrok
2020-11-20	Xavier Mertens	Malicious Python Code and LittleSnitch Detection
2020-11-09	Xavier Mertens	How Attackers Brush Up Their Malicious Scripts
2020-10-20	Xavier Mertens	Mirai-alike Python Scanner
2020-10-14	Xavier Mertens	Nicely Obfuscated Python RAT
2020-09-18	Xavier Mertens	A Mix of Python & VBA in a Malicious Word Document
2020-09-03	Xavier Mertens	Sandbox Evasion Using NTP
2020-09-02	Xavier Mertens	Python and Risky Windows API Calls
2020-08-18	Xavier Mertens	Using API's to Track Attackers
2020-07-30	Johannes Ullrich	Python Developers: Prepare!!!
2019-10-29	Xavier Mertens	Generating PCAP Files from YAML
2018-11-26	Russ McRee	ViperMonkey: VBA maldoc deobfuscation
2017-11-23	Xavier Mertens	Proactive Malicious Domain Search
2017-10-05	Johannes Ullrich	pcap2curl: Turning a pcap file into a set of cURL commands for "replay"
2017-08-22	Xavier Mertens	Defang all the things!
2017-04-19	Xavier Mertens	Hunting for Malicious Excel Sheets
2017-01-12	Mark Baggett	System Resource Utilization Monitor
2017-01-01	Didier Stevens	py2exe Decompiling - Part 1
2016-11-27	Russ McRee	Scapy vs. CozyDuke
2016-07-25	Didier Stevens	Python Malware - Part 4
2016-07-16	Didier Stevens	Python Malware - Part 3
2016-05-15	Didier Stevens	Python Malware - Part 1
2014-12-04	Mark Baggett	Automating Incident data collection with Python
2011-02-21	Adrien de Beaupre	What’s New, it's Python 3.2
2010-08-15	Manuel Humberto Santander Pelaez	Python to test web application security
2010-06-14	Manuel Humberto Santander Pelaez	Python on a microcontroller?
2010-03-30	Marcus Sachs	Zigbee Analysis Tools
2010-02-17	Rob VandenBrink	Multiple Security Updates for ESX 3.x and ESXi 3.x
2009-05-25	Jim Clausing	More tools for (US) Memorial Day