My #nviso peeps :-) #offsite #lapland NVISO

2 weeks ago I flew to Lapland with all my NVISO colleagues for our annual offsite, this time to be held in Sweden. I measured radiation at cruising altitude in our Smurf airplane. :-)

SANS.edu Internet Storm Center And some #YARA rules to detect #aCropalypse PNG images 👉🏽 github.com/0xThiebaut/Sig…

Whilst #microsoft is about to fix the #OneNote emedded file feature, I took a look at how #threatactors can abuse embedded URLs to deliver their malicious content/#malware. Check it out! wp.me/p84lDr-3LR #threathunting

YARA 4.3.0 released: github.com/VirusTotal/yar…

YARA 4.3.2 release bugfix github.com/VirusTotal/yar…

Deobfuscating a VBS Script With Custom Encoding i5c.us/d29940

Brute-Force ZIP Password Cracking with zipdump.py i5c.us/d29948

New blog post "Quickpost: Analysis of PDF/ActiveMime Polyglot Maldocs" blog.didierstevens.com/2023/08/29/qui…

New blog post "Quickpost: PDF/ActiveMime Maldocs YARA Rule" blog.didierstevens.com/2023/08/29/qui…

New blog post! Title: XOR Known-Plaintext Attacks | by Didier Stevens Link: wp.me/p84lDr-4eA #BlueTeam #KPA #cryptanalysis

Wireshark 4.2 released: wireshark.org/docs/relnotes/…

Off By One Security streams are back! Join me Thursday, the 7-DEC at 11AM PST with the amazing Didier Stevens, who will give us awesome insight (and likely some new tools) on Cobalt Strike from a Blue Team Perspective! AKA: Improve your red team chops! youtube.com/watch?v=ZtenI_…

Just a reminder that the Off By One Security stream with Didier Stevens is TOMORROW & not FRIDAY this week. 11AM PT. "Cobalt Strike from a Blue Team Perspective." youtube.com/watch?v=ZtenI_… I'm a bit worried that Didier is going to show us how far from ninjas we really are!

IPv4-mapped IPv6 Address Used For Obfuscation i5c.us/d30466

New blog post! Title: Covert TLS n-day backdoors: SparkCockpit & SparkTar | by NVISO Incident Response Link: wp.me/p84lDr-4w7 #Forensics #ReverseEngineering #CVE #Ivanti #PulseSecure

My next #FOR610 class will be in Washington (#SANSFIRE). Can't travel to the US? My next one will be in London in August! Come to have fun with #malware! sans.org/cyber-security…

Getting ready for my BruCON workshop brucon.org/2024/schedule/

Another #FOR610 run started today in Prague! My next sessions: - FOR710 - SANS Live Online Europe October 2024 (sans.org/event/live-onl…) - FOR710 - SANS November Singapore 2024 (sans.org/event/november…) - FOR610 - SANS Frankfurt December 2024 (sans.org/event/frankfur…)

‼️TAMRI/AGADIR - CALL FOR HELP: My nephew Dries went missing near Tamri (Agadir) in Morocco since Nov 19th. If you know anyone that is currently near Taghazout or the Sous-Massa National Park, please share this with them. Someone must have seen him and time is ticking to get him