http://news.poseidon-us.com/TJR1Nn
I returned from another FOR610[1] class last week in London. One key tip I give to my students is to keep an eye on “strange” API calls. In the Windows ecosystem, Microsoft offers tons of API calls to developers. The fact that an API is used in a program does not always mean we are facing malicious code, but sometimes, some of them are derived from their official purpose. One of my hunting rules for malicious scripts is to search for occurrences of the ctypes[2] library. It allows Python to call functions in DLLs or shared libraries.
http://news.poseidon-us.com/TJR1Nn
http://news.poseidon-us.com/TJR1Nn
