I published the following diary on isc.sans.org: “Searching for Base64-encoded PE Files”. When hunting for suspicious activity, it’s always a good idea to search for Microsoft Executables. They are easy to identify: they start with the characters “MZ”. But, to bypass classic controls, those
[The post [SANS ISC] Searching for Base64-encoded PE Files was first published on /dev/random]
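A sketch of the hunt this diary describes, added here as an example and not code from the diary: Base64 of any data beginning with “MZ” starts with “TV” followed by o, p, q or r, so the scanner finds such runs, decodes them and confirms the PE signature. The function names and the sample text are constructed for illustration.

```python
import base64
import re
import struct

# Base64 of "MZ" plus any third byte always begins "TV" then one of o, p, q, r:
# the third character carries the low 4 bits of 'Z' and the top 2 bits of the
# unknown third byte. The lookbehind avoids matching in the middle of a longer
# Base64 run, where decoding would start at the wrong alignment.
B64_MZ = re.compile(r"(?<![A-Za-z0-9+/])TV[opqr][A-Za-z0-9+/]{60,}={0,2}")


def looks_like_pe(data: bytes) -> bool:
    """Check the DOS header, then follow e_lfanew (offset 0x3C) to the PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_b64_pe(text: str):
    """Return (offset, decoded_bytes) for each Base64 run that decodes to a PE header."""
    hits = []
    for m in B64_MZ.finditer(text):
        run = m.group(0).rstrip("=")
        run = run[: len(run) - len(run) % 4]  # whole 4-char groups are enough for the header
        try:
            decoded = base64.b64decode(run, validate=True)
        except ValueError:
            continue
        if looks_like_pe(decoded):
            hits.append((m.start(), decoded))
    return hits


def build_sample() -> str:
    """Constructed input: one 'MZ' decoy without a PE signature, one minimal PE header."""
    stub = bytearray(0x40)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)  # e_lfanew points just past the stub
    pe = bytes(stub) + b"PE\x00\x00" + bytes(20)
    decoy = b"MZ" + bytes(80)
    enc = lambda b: base64.b64encode(b).decode()
    return f'decoy="{enc(decoy)}"\npayload="{enc(pe)}"\n'


if __name__ == "__main__":
    for off, data in find_b64_pe(build_sample()):
        print(f"PE header found in Base64 run at offset {off} ({len(data)} bytes decoded)")
```

Checking the PE signature after decoding filters out ordinary Base64 text that merely happens to begin with “TV”.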