filmov
tv
OneNote Malware Trends - Understanding Process Activity with ProcMon
Показать описание
Observing OneNote activity with Process Monitor and Process Hacker!
🔥 FREE DOWNLOADABLE PDF - MALICIOUS DOCS QUICK REFERENCE
Understanding process activity can provide valuable insights where looking for malicious activity or creating rules to block it. With the recent surge in OneNote based malware, the the trend has been to use a variety of embedded scrips or even PE files to gain initial access. In this video, we'll cover a lot of ground by investigating how OneNote documents lure users into executing the malicious code. We'll observe process activity using Process Monitor and Process Hacker. Then use onedump to fully unravel the attack chain. We'll also investigate some anti-analysis in a .NET dropper and decrypt our final payload, which leads to AsyncRat.
Cybersecurity, reverse engineering, malware analysis and ethical hacking content!
🌶️ YouTube 👉🏻 Like, Comment & Subscribe!
Sample SHA256: 17915f90eb7e41c7d6e27c1d01edb3b6affabdbc6d02afc0df55352c57b9c22d
00:00 Introduction
01:20 Monitoring Process Behavior
03:40 Launching OneNote
04:31 Process Tree in ProcMon
05:27 Attached Files in OneNote
08:40 Detect-It-Easy and Attached File
09:52 Analyzing the BAT File
11:34 Decoding the Next Stage
14:07 Analyzing the .NET Binary with dnSpyEx
15:37 Observing Anti-Analysis
20:10 Dumping the Final Stage - AsyncRAT
21:55 AsyncRAT
🔥 FREE DOWNLOADABLE PDF - MALICIOUS DOCS QUICK REFERENCE
Understanding process activity can provide valuable insights where looking for malicious activity or creating rules to block it. With the recent surge in OneNote based malware, the the trend has been to use a variety of embedded scrips or even PE files to gain initial access. In this video, we'll cover a lot of ground by investigating how OneNote documents lure users into executing the malicious code. We'll observe process activity using Process Monitor and Process Hacker. Then use onedump to fully unravel the attack chain. We'll also investigate some anti-analysis in a .NET dropper and decrypt our final payload, which leads to AsyncRat.
Cybersecurity, reverse engineering, malware analysis and ethical hacking content!
🌶️ YouTube 👉🏻 Like, Comment & Subscribe!
Sample SHA256: 17915f90eb7e41c7d6e27c1d01edb3b6affabdbc6d02afc0df55352c57b9c22d
00:00 Introduction
01:20 Monitoring Process Behavior
03:40 Launching OneNote
04:31 Process Tree in ProcMon
05:27 Attached Files in OneNote
08:40 Detect-It-Easy and Attached File
09:52 Analyzing the BAT File
11:34 Decoding the Next Stage
14:07 Analyzing the .NET Binary with dnSpyEx
15:37 Observing Anti-Analysis
20:10 Dumping the Final Stage - AsyncRAT
21:55 AsyncRAT
0:22:27
OneNote Malware Trends - Understanding Process Activity with ProcMon
0:12:12
OneNote Malware Trends - Analyzing Emotet Abuse
0:22:44
OneNote Malware Trends - Tips and Tricks for Investigating OneNote Malware Used to Deliver AsyncRAT
0:08:22
OneNote Malware Trends - OneNote Leads to AgentTesla
0:15:23
OneNote Malware Trends - Investigating Script Execution that Leads to QuakBot
0:07:40
What happens when a OneNote document is password-protected...?
0:02:51
The OneNote exploit
0:08:59
Malicious OneNote Documents - Malware Analysis
0:29:15
Hunting OneNote Malware: A Practical Guide for Blue Teams
0:06:27
How to Analyze Malicious OneNote Document - No Special OneNote Tool needed #malware #infosec
0:07:12
How to use Microsoft OneNote on Windows - Malware Delivery Initial Access
0:18:21
The rise of the Qbot Malware Leveraging OneNote
0:00:52
News of the Week - Microsoft OneNote Malware Scare 😨 #shorts
0:11:43
Hunting for Non-Traditional Initial Access Vectors: OneNote Notebooks and Malicious Shortcuts (.lnk)
0:06:22
How Threat Actors Use OneNote to Deploy ASyncRAT
1:02:25
Customer Session: Investigating OneNote Malware with Hunters' Team Axon
0:03:36
QakBot OneNote Spawning MSHTA | Security Spotlight
0:00:49
OneNote vs Apple Notes - Not What You’d Expect
0:07:54
Jak EMOTET zneužívá OneNote dokumenty - SecurityCast Ep.161
0:38:43
OneNote Best Practices for Educators and Students with Mike Tholfsen
0:03:10
Qakbot Malware Explained
![[pawpatrules.fr] Emotet -](https://i.ytimg.com/vi/gz7Q8L5PbmA/hqdefault.jpg)
0:03:12
[pawpatrules.fr] Emotet - Microsoft OneNote campaign - March 2023 - detection with Suricata IDS/NSM
0:13:29
Daily Cyber News: Pepsi Data Breach, NameCheap Email Hack, OneNote Malware, Ransomware & China
0:28:56
code.talks 23 - The Wolf in Sheep's Clothing: How Cybercriminals Leverage OneNote for Stealthy....
Комментарии