Post AvjG9C7awGyM5G08X2 by [email protected]
Post #Aviv4jz5VpNwcd3bea by [email protected]
0 likes, 2 repeats
Unit42 published a pretty decent write-up on malicious lnk files. It includes I…
Post #AvixQAVQIiOqrnWjmy by [email protected]
0 likes, 1 repeats
@cR0w Your reminder that, for some reason, exiftools parses .lnk files perfectl…
Post #AvixQAbnuzVJBaVpjc by [email protected]
0 likes, 1 repeats
@mttaggart Nice. TIL.
Post #Avj3gfM1yRxctrNqlM by [email protected]
0 likes, 0 repeats
@cR0w @mttaggart Really? Useful info.
Post #Avj5Z51MrUF25zEGfI by [email protected]
0 likes, 1 repeats
@mttaggart @cR0w huh. Good to know.
Post #Avj6iGBunho1Id6VHc by [email protected]
0 likes, 1 repeats
@cR0w I've blocked .lnk on my SEG and web proxy. So far no complaints or ti…
Post #Avj6n4V1hK9wUCKyRc by [email protected]
0 likes, 1 repeats
@badsamurai @cR0w Windows EDR logs, delete them all :blobcatgiggle:
Post #Avj73fbfVBt0CmMJ9s by [email protected]
0 likes, 1 repeats
@badsamurai We block them in email too. That's about it besides the occasio…
Post #Avj7AwMhamtICxpDwe by [email protected]
0 likes, 1 repeats
@badsamurai @cR0w While you're at it (I'm sure you've done this alr…
Post #Avj91G5PcAcsNuFV3Y by [email protected]
0 likes, 1 repeats
@badsamurai @cR0w I did a software execution block on mshta.exe as well. Have y…
Post #Avj9fPLmafdohS3DdI by [email protected]
0 likes, 1 repeats
@mttaggart @cR0w I feel like we (community we) don't share baseline bad ext…
Post #AvjAAg46UkcTW7gymG by [email protected]
0 likes, 1 repeats
@badsamurai @mttaggart Good point. I'll start: 3863graddadeappcontent-msaspb…
Post #AvjBwQ8z5pLDzaIx16 by [email protected]
0 likes, 0 repeats
@mttaggart @cR0w I had no idea. That's really cool. Going to have to try th…
Post #AvjC3oMdRQOd8YDJse by [email protected]
0 likes, 1 repeats
@badsamurai Ok, but joking aside, this gets me thinking about baselines again: …
Post #AvjC6f4gR6CtC8AyyO by [email protected]
0 likes, 1 repeats
@cR0w @mttaggart Rad. I'll add to this when I return to office tomorrow. To…
Post #AvjCo0uL8X5zMS0g2S by [email protected]
0 likes, 1 repeats
@nyanbinary Absolutely. Those dirs are also where I target automated hash looku…
Post #AvjDifwFluzOpgvJFQ by [email protected]
0 likes, 1 repeats
@badsamurai @mttaggart Sounds good. I know you host a lot of lists like that on…
Post #AvjEkI5rUw8BPbkfmy by [email protected]
0 likes, 1 repeats
@cR0w @mttaggart Done! I was only missing a few from yours. I made multiple com…
Post #AvjF5PNraVJc6VF25A by [email protected]
0 likes, 1 repeats
@badsamurai @mttaggart Nice! Did you happen to see any on your list that weren&…
Post #AvjG9C7awGyM5G08X2 by [email protected]
0 likes, 1 repeats
@cR0w @mttaggart I did. We were, maybe not, surprisingly far off. Only Mine: jsep…
Post #AvjGEnAmbshiRdA5B2 by [email protected]
0 likes, 1 repeats
@badsamurai @mttaggart Thanks. Those should have been in my list already. I'…
Post #AvjIIXXerqvZ24mBP6 by [email protected]
0 likes, 1 repeats
@badsamurai @cR0w @mttaggart Is rtf bad?
Post #AvjIjmhebfUtsBRVya by [email protected]
0 likes, 0 repeats
@FritzAdalis @badsamurai @mttaggart yes
Post #AvjIjmo2DwbMByQbvE by [email protected]
0 likes, 1 repeats
@cR0w @badsamurai @mttaggart RTF can embed OLE?! wtf. Can anyone make a docum…
Post #AvjIo3V467sz7sahe4 by [email protected]
0 likes, 1 repeats
@FritzAdalis @badsamurai @mttaggart My txt docs are still good.
Post #AvjJ8ilKOZ2gtH3HLE by [email protected]
0 likes, 1 repeats
@cR0w @badsamurai @mttaggart True, but text is the opposite of format.
Post #AvjJYIDph4cg6fZvKC by [email protected]
0 likes, 1 repeats
@FritzAdalis @cR0w @mttaggart Now ask me why I can't get .svg on there. /me …
Post #AvjJwwtq6i8RDQz2wK by [email protected]
0 likes, 1 repeats
@badsamurai @FritzAdalis @cR0w @mttaggart svg supports javascript, just saying..
Post #AvjM4waJMVIuSon0j2 by [email protected]
0 likes, 1 repeats
@catsalad @FritzAdalis @cR0w @mttaggart But if I ban hammer .svg I will definit…
Post #AvjQZ2HL9j1WcyWJwe by [email protected]
0 likes, 0 repeats
@cR0w @mttaggart Hopefully. I'm not a Mac person, so I know I have gaps the…
Post #AvjQljCxN68fFHWQsK by [email protected]
0 likes, 0 repeats
@catsalad When you say "supports JavaScript", are you just saying &qu…
Post #AvjTMiKVnbiZ92otrU by [email protected]
0 likes, 1 repeats
@me Javascript right in the svg file 👍
Post #AvjXEULwHTybIPox0K by [email protected]
0 likes, 0 repeats
@catsalad @me SVG standard includes JS embedding since … ages.
Post #AvnTdiU1G8tpAxDKtM by [email protected]
0 likes, 1 repeats
@mttaggart @cR0w |