Researchers from Cisco Talos recently discovered a new malware loader being used to deliver and infect systems using NodeJS as well as the legitimate open-source utility WinDivert.Continue reading “Also Node.js has been used to perform a Living off the Land (LotL) attack”
A useful tool: fast and easy to use.Continue reading “PEpper: a python script to perform malware static analysis on Portable Executable format”
Malware researchers from Kaspersky have discovered new and improved versions of the FinFisher spyware, able o infect both Android and iOS devices.
According to the experts, the new versions have been active at least since 2018, one of the samples analyzed was used last month in Myanmar, where local government is accused of violating human rights.Continue reading “New version of FinFisher spyware used to spy on iOS and Android users in 20 countries”
According to security firm Check Point, a newly discovered Android malware that replaces portions of apps with its own code has infected more than 25 million devices.Continue reading “‘Agent Smith’ malware has infected Android apps on 25 million devices”
During a forensic investigation, Windows Event Logs are the primary source of evidence.
Windows Event Log analysis can help an investigator draw a timeline based on the logging information and the discovered artifacts, but a deep knowledge of events IDs is mandatory.