Open ports in the Time of Corona
· ☕ 3 min read
One of the side effects of social distancing and self-quarantining due to COVID-19 was a large increase in the use of VPNs (and, in some cases, other remote access protocols, such as RDP or SSH) by companies around the world, so that their employees could work from home. I was wondering how large this increase would be when compared to the usual state of affairs. To determine this, I took a look at data I gathered from Shodan over the course of March and made a couple of - hopefully interesting - charts.

SANS ISC Diary - Crashing explorer.exe with(out) a click
· ☕ 1 min read
A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at a vulnerability in the way Windows handles self-referential links, which makes it possible to use specially crafted URL and LNK files to crash Explorer.

CrisisCon - Breaking Windows
· ☕ 1 min read
Videos of all presentations from last week's CrisisCon are now accessible on YouTube. Among them is my own talk on known unpatched vulnerabilities and weaknesses in Windows. If you couldn't make it to the online conference, I recommend you at least go through some of the recordings, as a couple of the talks were quite interesting.

SANS ISC Diary - Desktop.ini as a post-exploitation tool
· ☕ 1 min read
A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at a vulnerability in the way Windows handles desktop.ini files, which makes it possible to use them as an interesting post-exploitation tool.

Overview of free online malware analysis sandboxes – 2020 edition
· ☕ 2 min read
Whether your work has anything to do with security monitoring, malware analysis, incident response, or just general IT administration, you’ve probably come across VirusTotal. It is an invaluable tool when it comes to identifying malicious code, however sometimes we need to dig a bit deeper than just getting a 'detection score' for a potentially dangerous file...

SANS ISC Diary - Analysis of a triple-encrypted AZORult downloader
· ☕ 1 min read
A Diary of mine was published today on the SANS Internet Storm Center. In this one we take a look at the analysis of an interesting malicious document which turned out to be an AZORult downloader. What made it stand out - among its other aspects - were three layers of home-grown encryption...