Diaries by Keyword - SANS Internet Storm Center

Participate: Learn more about our honeypot network
https://isc.sans.edu/tools/honeypot/

Handler on Duty: Jesse La Grew

Threat Level: green

Date	Author	Title
RAR SYMANTEC DECOMPOSER BYPASS
2008-04-22	donald smith	Symantec decomposer rar bypass allowed malicious content.
RAR
2023-05-17/a>	Xavier Mertens	Increase in Malicious RAR SFX files
2022-09-26/a>	Xavier Mertens	Easy Python Sandbox Detection
2022-07-20/a>	Xavier Mertens	Malicious Python Script Behaving Like a Rubber Ducky
2021-06-11/a>	Xavier Mertens	Keeping an Eye on Dangerous Python Modules
2019-04-22/a>	Didier Stevens	.rar Files and ACE Exploit CVE-2018-20250
2018-11-19/a>	Xavier Mertens	The Challenge of Managing Your Digital Library
2017-10-15/a>	Didier Stevens	Peeking into .msg files
2017-08-25/a>	Xavier Mertens	Malicious AutoIT script delivered in a self-extracting RAR file
2016-11-22/a>	Didier Stevens	Update:ZIP With Comment
2016-01-20/a>	Xavier Mertens	/tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters!
2015-12-23/a>	Rob VandenBrink	Libraries and Dependencies - It Really is Turtles All The Way Down!
2015-02-03/a>	Johannes Ullrich	What is using this library?
2014-11-04/a>	Daniel Wesemann	Whois someone else?
2013-07-10/a>	Johannes Ullrich	.NL Registrar Compromisse
2008-04-22/a>	donald smith	Symantec decomposer rar bypass allowed malicious content.
SYMANTEC
2014-08-06/a>	Johannes Ullrich	Exploit Available for Symantec End Point Protection
2014-07-30/a>	Rick Wanner	Symantec Endpoint Protection Privilege Escalation Zero Day
2014-03-02/a>	Stephen Hall	Symantec goes yellow
2014-02-14/a>	Chris Mohan	SYM14-004 Symantec Endpoint Protection Management Vulnerabilities - http://www.symantec.com/business/support/index?page=content&id=TECH214866
2013-12-28/a>	Russ McRee	Weekend Reading List 27 DEC
2012-01-25/a>	Bojan Zdrnja	pcAnywhere users – patch now!
2010-05-16/a>	Rick Wanner	Symantec triggers on World of Warcraft update
2009-12-29/a>	Rick Wanner	What's up with port 12174? Possible Symantec server compromise?
2009-03-10/a>	Swa Frantzen	conspiracy fodder: pifts.exe
2008-04-22/a>	donald smith	Symantec decomposer rar bypass allowed malicious content.
DECOMPOSER
2008-04-22/a>	donald smith	Symantec decomposer rar bypass allowed malicious content.
BYPASS
2022-09-22/a>	Xavier Mertens	RAT Delivered Through FODHelper
2022-06-04/a>	Guy Bruneau	Spam Email Contains a Very Large ISO file
2022-05-20/a>	Xavier Mertens	A 'Zip Bomb' to Bypass Security Controls & Sandboxes
2020-12-29/a>	Jan Kopriva	Want to know what's in a folder you don't have a permission to access? Try asking your AV solution...
2020-11-25/a>	Xavier Mertens	Live Patching Windows API Calls Using PowerShell
2020-04-04/a>	Didier Stevens	New Bypass Technique or Corrupt Word Document?
2019-12-26/a>	Xavier Mertens	Bypassing UAC to Install a Cryptominer
2019-11-08/a>	Xavier Mertens	Microsoft Apps Diverted from Their Main Use
2019-07-25/a>	Rob VandenBrink	When Users Attack! Users (and Admins) Thwarting Security Controls
2017-03-05/a>	Didier Stevens	Another example of maldoc string obfuscation, with extra bonus: UAC bypass
2016-12-13/a>	Xavier Mertens	UAC Bypass in JScript Dropper
2016-11-16/a>	Xavier Mertens	Example of Getting Analysts & Researchers Away
2015-06-16/a>	John Bambenek	CVE-2014-4114 and an Interesting AV Bypass Technique
2014-03-13/a>	Daniel Wesemann	Identification and authentication are hard ... finding out intention is even harder
2013-09-18/a>	Rob VandenBrink	Cisco DCNM Update Released
2012-05-08/a>	Bojan Zdrnja	Windows Firewall Bypass Vulnerability and NetBIOS NS
2008-04-22/a>	donald smith	Symantec decomposer rar bypass allowed malicious content.

RAR SYMANTEC DECOMPOSER BYPASS

RAR

SYMANTEC

DECOMPOSER

BYPASS