[SANS ISC] Video: CVE-2021-40444 Maldocs: Extracting URLs, (Sun, Oct 3rd)

In this video, reacting to a reader’s comment, I explain how you can add your own regex to my re-search.py tool (without changing the code).

I create a file with name re-search.txt and content:


This will add regurlar expression “[^”]+![^”]+” named str-bang to re-search’s library:

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Source: Read More (SANS Internet Storm Center, InfoCON: green)

You might be interested in …

[HackerNews] Microsoft Temporarily Disables MSIX App Installers to Prevent Malware Abuse

All posts, HackerNews

Microsoft last week announced that it’s temporarily disabling the MSIX ms-appinstaller protocol handler in Windows following evidence that a security vulnerability in the installer component was exploited by threat actors to deliver malware such as Emotet, TrickBot, and Bazaloader. MSIX, based on a combination of .msi, .appx, App-V and ClickOnce installation technologies, is a universal […]

Read More

[ZDNet] A new surprise feature for Norton 360 antivirus users: you can mine for cryptocurrency

All posts, ZDNet

The vendor says that bringing mining in-house has security benefits. Source: Read More (Latest topics for ZDNet in Security)

Read More

[HackerNews] The Continuing Threat of Unpatched Security Vulnerabilities

All posts, HackerNews

Unpatched software is a computer code containing known security weaknesses. Unpatched vulnerabilities refer to weaknesses that allow attackers to leverage a known security bug that has not been patched by running malicious code. Software vendors write additions to the codes, known as “patches,” when they come to know about these application vulnerabilities to secure these […]

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.