Xavier Mertens 🇧🇪
@eeksme.bsky.social
A fork of https://twitter.com/xme
Reposted by Xavier Mertens 🇧🇪
Python Bot Delivered Through DLL Side-Loading https://isc.sans.edu/diary/31778
March 18, 2025 at 7:37 AM
Great talk! 🥳
@cryptax.bsky.social on stage at #insomniHack
Using Radare2 and AI to analyse malware more efficiently
March 15, 2025 at 7:25 AM
Good morning from #Insomnihack! I’m here today, ping me if you want to meet!
March 14, 2025 at 8:03 AM
Reposted by Xavier Mertens 🇧🇪
Shellcode Encoded in UUID's https://isc.sans.edu/diary/31752
March 10, 2025 at 8:30 AM
February 27, 2025 at 3:10 PM
Reposted by Xavier Mertens 🇧🇪
Every once in a while you come across interesting PE Section names
Hello
Guy!
www.virustotal.com/gui/file/051...
February 19, 2025 at 12:45 PM
XWorm Cocktail: A Mix of PE data with PowerShell Code isc.sans.edu/diary/31700 #SANSISC
XWorm Cocktail: A Mix of PE data with PowerShell Code - SANS Internet Storm Center
isc.sans.edu
February 19, 2025 at 7:39 AM
Monday morning reading with your 0xC0FFEE:
www.elastic.co/security-lab...
You've Got Malware: FINALDRAFT Hides in Your Drafts — Elastic Security Labs
During a recent investigation (REF7707), Elastic Security Labs discovered new malware targeting a foreign ministry. The malware includes a custom loader and backdoor with many features including using...
www.elastic.co
February 17, 2025 at 6:30 AM
The Danger of IP Volatility isc.sans.edu/diary/31688 #SANSISC
The Danger of IP Volatility - SANS Internet Storm Center
The Danger of IP Volatility, Author: Xavier Mertens
isc.sans.edu
February 15, 2025 at 7:28 AM
Reposted by Xavier Mertens 🇧🇪
Fake BSOD Delivered by Malicious Python Script https://isc.sans.edu/diary/31686
February 14, 2025 at 12:31 PM
The Unbreakable Multi-Layer Anti-Debugging System isc.sans.edu/diary/31658
February 6, 2025 at 8:22 AM
Be honest… we all do that… taking screenshots of important information! Be careful and don’t keep them for a long time! #InfoStealer #Malware #OCR
t.co/cjI7gNLkW5
https://securelist.com/sparkcat-stealer-in-app-store-and-google-play/115385/
t.co
February 6, 2025 at 8:11 AM
Reposted by Xavier Mertens 🇧🇪
From PowerShell to a Python Obfuscation Race! https://isc.sans.edu/diary/31634
January 29, 2025 at 8:41 AM
Reposted by Xavier Mertens 🇧🇪
Fileless Python InfoStealer Targeting Exodus https://isc.sans.edu/diary/31630
January 28, 2025 at 7:16 AM
Make Malware Happy isc.sans.edu/diary/31560 #SANSISC
January 6, 2025 at 7:50 AM
SwaetRAT Delivery Through Python isc.sans.edu/diary/31554
SwaetRAT Delivery Through Python - SANS Internet Storm Center
SwaetRAT Delivery Through Python, Author: Xavier Mertens
isc.sans.edu
January 3, 2025 at 6:46 AM
More SSH Fun! isc.sans.edu/diary/31542
More SSH Fun! - SANS Internet Storm Center
More SSH Fun!, Author: Xavier Mertens
isc.sans.edu
December 24, 2024 at 6:40 AM
Modiloader From Obfuscated Batch File isc.sans.edu/diary/31540
Modiloader From Obfuscated Batch File - SANS Internet Storm Center
Modiloader From Obfuscated Batch File, Author: Xavier Mertens
isc.sans.edu
December 23, 2024 at 6:33 AM
Christmas "Gift" Delivered Through SSH isc.sans.edu/diary/31538
Christmas
Christmas "Gift" Delivered Through SSH, Author: Xavier Mertens
isc.sans.edu
December 20, 2024 at 11:08 AM
Interesting read: Windows Server 2022 and MsMpEng.exe www.hexacorn.com/blog/2024/12...
https://hexacorn.com/blog/2024/12/2…
December 20, 2024 at 6:28 AM
Python Delivering AnyDesk Client as RAT isc.sans.edu/diary/31524
Python Delivering AnyDesk Client as RAT - SANS Internet Storm Center
Python Delivering AnyDesk Client as RAT, Author: Xavier Mertens
isc.sans.edu
December 17, 2024 at 8:02 AM
Is it me or has the price of printer cartridges become really insane? @HP has a business more lucrative than #ransomware gangs! Hey Bad Guys, move to the printer business! 👿
December 16, 2024 at 9:45 AM
“I see coins everywhere!” 😍
December 13, 2024 at 6:48 PM
December 12, 2024 at 6:18 PM