Koadic: Pen Testing, Pivoting, & JavaScripting, Part II
Michael Buckbee
March 29, 2020
Mshta and rundll32, the Windows binaries that Koadic leverages, have been long known to hackers. If you take a peek at Mitre’s ATT&CK database, you’ll see that rundll32 has been...
The Malware Hiding in Your Windows System32 Folder: More Rundll32 and LoL Security Defense Tips
Michael Buckbee
July 19, 2018
When we left off last, I showed how it’s possible to run VBScript directly from mshta. I can play a similar trick with another LoL-ware binary, our old friend rundll32....
Koadic: LoL Malware Meets Python-Based Command and Control (C2) Server, Part I
Michael Buckbee
June 17, 2020
In my epic series on Windows binaries that have dual uses (talkin’ to you, rundll32 and mshta), I showed how hackers can stealthily download and launch remote script-based malware....
The Malware Hiding in Your Windows System32 Folder: Certutil and Alternate Data Streams
Michael Buckbee
June 14, 2018
We don’t like to think that the core Windows binaries on our servers are disguised malware, but it’s not such a strange idea. OS tools such as regsvr32 and mshta...