IEEE

Generating Features of Windows Portable Executable Files for Static Analysis using Portable Executable Reader Module (PEFile)

Abstract: The identification of malicious program at an early stage has been proven to be effective in reducing the chance of malware infection on the device or a system. A common approach to do this ...

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

Hackers are using WhatsApp messages to deliver malware to Windows PCs, exploiting user trust and attachments to trigger ...

Hackers exploit TrueConf zero-day to push malicious software updates

Hackers have targeted TrueConf conference servers in attacks that exploit a zero-day vulnerability, allowing them to execute ...
Microsoft

WhatsApp malware campaign delivers VBScript and MSI backdoors

A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack ...
The Hacker News

Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass

The activity begins with the attackers distributing malicious VBS files via WhatsApp messages that, when executed, create ...
Windows Report

Microsoft Adds Faster File Search to Word, Excel, and PowerPoint Web Apps

If you ever felt it was daunting to search your files in Office web apps, the latest update from Microsoft will ease that headache a little. In the latest Tech Community blog post, Microsoft announced ...
GitHub

disable_uac_remote_restriction.yml

description: The following analytic detects the modification of the registry to disable UAC remote restriction by setting the "LocalAccountTokenFilterPolicy" value to "0x00000001". It leverages data ...
GitHub

windows_exfiltration_over_c2_via_invoke_restmethod.yml

description: The following analytic detects potential data exfiltration using PowerShell's Invoke-RestMethod. It leverages PowerShell Script Block Logging to identify scripts that attempt to upload ...