I published the following diary on isc.sans.org: “Searching for Base64-encoded PE Files“.
When hunting for suspicious activity, it’s always a good idea to search for Microsoft Executables. They are easy to identify: They start with the characters “MZ” at the beginning of the file. But, to bypass classic controls, those files are often obfuscated (XOR, Rot13 or Base64)… [Read more]
[The post [SANS ISC] Searching for Base64-encoded PE Files has been first published on /dev/random]
from Xavier
No comments:
Post a Comment