Tag: [SANS ISC] Searching for Base64-encoded PE Files

[SANS ISC] Searching for Base64-encoded PE Files

I published the following diary on isc.sans.org: “Searching for Base64-encoded PE Files“.

When hunting for suspicious activity, it’s always a good idea to search for Microsoft Executables. They are easy to identify: They start with the characters “MZ” at the beginning of the file. But, to bypass classic controls, those files are often obfuscated (XOR, Rot13 or Base64)… [Read more]

[The post [SANS ISC] Searching for Base64-encoded PE Files has been first published on /dev/random]

from Xavier