Xavier Mertens 🇧🇪
@eeksme.bsky.social
📤 221
📥 21
📝 39
A fork of
https://twitter.com/xme
reposted by
Xavier Mertens 🇧🇪
SANS.edu Internet Storm Center
over 1 year ago
Python Bot Delivered Through DLL Side-Loading https://isc.sans.edu/diary/31778
0
2
4
Great talk! 🥳
add a skeleton here at some point
over 1 year ago
0
1
0
Good morning from
#Insomnihack
! I’m here today, ping me if you want to meet!
over 1 year ago
0
2
0
reposted by
Xavier Mertens 🇧🇪
SANS.edu Internet Storm Center
over 1 year ago
Shellcode Encoded in UUID's https://isc.sans.edu/diary/31752
0
0
5
Njrat Campaign Using Microsoft Dev Tunnels
isc.sans.edu/diary/31724
#SANSISC
over 1 year ago
0
0
0
reposted by
Xavier Mertens 🇧🇪
Hexacorn
over 1 year ago
Every once in a while you come across interesting PE Section names Hello Guy!
www.virustotal.com/gui/file/051...
1
8
3
XWorm Cocktail: A Mix of PE data with PowerShell Code
isc.sans.edu/diary/31700
#SANSISC
loading . . .
XWorm Cocktail:� A Mix of PE data with PowerShell Code - SANS Internet Storm Center
https://isc.sans.edu/diary/31700
over 1 year ago
0
0
0
Monday morning reading with your 0xC0FFEE:
www.elastic.co/security-lab...
loading . . .
You've Got Malware: FINALDRAFT Hides in Your Drafts — Elastic Security Labs
During a recent investigation (REF7707), Elastic Security Labs discovered new malware targeting a foreign ministry. The malware includes a custom loader and backdoor with many features including using...
https://www.elastic.co/security-labs/finaldraft
over 1 year ago
0
0
1
The Danger of IP Volatility
isc.sans.edu/diary/31688
#SANSISC
loading . . .
The Danger of IP Volatility - SANS Internet Storm Center
The Danger of IP Volatility, Author: Xavier Mertens
https://isc.sans.edu/diary/31688
over 1 year ago
0
0
1
reposted by
Xavier Mertens 🇧🇪
SANS.edu Internet Storm Center
over 1 year ago
Fake BSOD Delivered by Malicious Python Script https://isc.sans.edu/diary/31686
0
2
3
The Unbreakable Multi-Layer Anti-Debugging System
isc.sans.edu/diary/31658
over 1 year ago
0
0
0
Be honest… we all do that… taking screenshots of important information! Be careful and don’t keep them for a long time!
#InfoStealer
#Malware
#OCR
t.co/cjI7gNLkW5
loading . . .
https://securelist.com/sparkcat-stealer-in-app-store-and-google-play/115385/
https://t.co/cjI7gNLkW5
over 1 year ago
0
0
0
reposted by
Xavier Mertens 🇧🇪
SANS.edu Internet Storm Center
over 1 year ago
From PowerShell to a Python Obfuscation Race! https://isc.sans.edu/diary/31634
0
1
1
reposted by
Xavier Mertens 🇧🇪
SANS.edu Internet Storm Center
over 1 year ago
Fileless Python InfoStealer Targeting Exodus https://isc.sans.edu/diary/31630
0
0
1
Let’s wrap up the week with the malware analysis tournament! Wanna join the fun? My next class is in March in London
#FOR610
#SANSEMEA
over 1 year ago
0
1
0
Make Malware Happy
isc.sans.edu/diary/31560
#SANSISC
over 1 year ago
0
1
0
SwaetRAT Delivery Through Python
isc.sans.edu/diary/31554
loading . . .
SwaetRAT Delivery Through Python - SANS Internet Storm Center
SwaetRAT Delivery Through Python, Author: Xavier Mertens
https://isc.sans.edu/diary/31554
over 1 year ago
0
0
0
More SSH Fun!
isc.sans.edu/diary/31542
loading . . .
More SSH Fun! - SANS Internet Storm Center
More SSH Fun!, Author: Xavier Mertens
https://isc.sans.edu/diary/31542
over 1 year ago
0
1
0
Modiloader From Obfuscated Batch File
isc.sans.edu/diary/31540
loading . . .
Modiloader From Obfuscated Batch File - SANS Internet Storm Center
Modiloader From Obfuscated Batch File, Author: Xavier Mertens
https://isc.sans.edu/diary/31540
over 1 year ago
0
1
0
Christmas "Gift" Delivered Through SSH
isc.sans.edu/diary/31538
loading . . .
Christmas
Christmas "Gift" Delivered Through SSH, Author: Xavier Mertens
https://isc.sans.edu/diary/31538
over 1 year ago
0
0
0
Interesting read: Windows Server 2022 and MsMpEng.exe
www.hexacorn.com/blog/2024/12...
loading . . .
https://hexacorn.com/blog/2024/12/2…
over 1 year ago
0
1
1
Python Delivering AnyDesk Client as RAT
isc.sans.edu/diary/31524
loading . . .
Python Delivering AnyDesk Client as RAT - SANS Internet Storm Center
Python Delivering AnyDesk Client as RAT, Author: Xavier Mertens
https://isc.sans.edu/diary/31524
over 1 year ago
0
3
0
Is it me or the price of printer cartridges became really insane? @HP has a business more lucrative than
#ransomware
gangs! Hey Bad Guys, move to the printer business! 👿
over 1 year ago
0
0
0
“I see coins everywhere!” 😍
over 1 year ago
0
0
0
Cyber Defense
#Netwars
running at full speed in Frankfurt!
#SANSEMEA
over 1 year ago
0
1
0
Full set of Belgian speakers at SANS@Night in Frankfurt tonight! 🇧🇪 The room was full! So exciting!
#SANSEMEA
over 1 year ago
0
3
0
My last
#FOR610
run for this year! Welcome Frankfurt!
over 1 year ago
0
4
0
From a Regular Infostealer to its Obfuscated Version
isc.sans.edu/diary/31484
#SANSISC
loading . . .
From a Regular Infostealer to its Obfuscated Version - SANS Internet Storm Center
From a Regular Infostealer to its Obfuscated Version, Author: Xavier Mertens
https://isc.sans.edu/diary/31484
over 1 year ago
0
1
0
Some attackers look like
#scriptkiddies
and need a GUI 😆
#Ransomware
over 1 year ago
0
0
0
IT Archeology… I found this today!
over 1 year ago
0
1
0
Me, writing
#Python
scripts for
#malware
analysis..
over 1 year ago
0
0
0
An Infostealer Searching for « BIP-0039 » Data
isc.sans.edu/diary/31464
loading . . .
An Infostealer Searching for « BIP-0039 » Data - SANS Internet Storm Center
https://isc.sans.edu/diary/31464
over 1 year ago
0
6
3
Best comment ever from one student here in
#FOR710
: « Although i have been an ida pro believer for 10+ years, i like how
#Ghidra
makes everything FUN while to IDA Pro you're only a sub :( »
#QotD
over 1 year ago
1
5
1
Detecting the Presence of a Debugger in Linux
isc.sans.edu/diary/31450
loading . . .
Detecting the Presence of a Debugger in Linux - SANS Internet Storm Center
Detecting the Presence of a Debugger in Linux, Author: Xavier Mertens
https://isc.sans.edu/diary/31450
over 1 year ago
0
1
1
A nice hunting technique in
#Splunk
:
www.hexacorn.com/blog/2024/01...
over 2 years ago
0
1
0
Interesting
#lolbin
:
www.hexacorn.com/blog/2023/12...
over 2 years ago
0
0
0
Dear Followers, Happy 0x7E8!
over 2 years ago
0
1
0
From
@sansisc.bsky.social
: Python Keylogger Using
Mailtrap.io
i5c.us/d30512
over 2 years ago
0
0
0
From
@sansisc.bsky.social
: Shall We Play a Game?
i5c.us/d30510
over 2 years ago
0
0
0
From
@sansisc.bsky.social
: An Example of RocketMQ Exploit Scanner
i5c.us/d30492
over 2 years ago
0
0
0
From
@sansisc.bsky.social
: CSharp Payload Phoning to a CobaltStrike Server
i5c.us/d30490
over 2 years ago
0
0
0
From
@sansisc.bsky.social
: Malicious Python Script with a TCL/TK GUI
i5c.us/d30478
over 2 years ago
0
0
0
When you perform a brute force on a DNS zone, nothing is returned (even a simple 'www'), and you realize that you made a typo in the domain... 🤦
#FridayStory
over 2 years ago
0
1
0
reposted by
Xavier Mertens 🇧🇪
SANS.edu Internet Storm Center
over 2 years ago
Microsoft Patch Tuesday November 2023
i5c.us/d30400
0
5
1
Finally joined... Hello! \o
over 2 years ago
0
8
0
you reached the end!!
feeds!
log in