Python and Risky Windows API Calls, (Wed, Sep 2nd)

The Windows API is full of calls that are good indicators of a script's behavior. In a previous diary, I wrote about some examples of "API call groups" that are clearly used together to achieve malicious activities[1]. While this technique is often seen in PowerShell scripts, here is an interesting Python sample that uses the same approach: it calls the Windows API directly through 'ctypes'.
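As an added illustration (not code from the diary or from the sample it analyses), the script below statically walks a Python source file, collects the Windows API names it reaches through ctypes, and reports which members of one well-known call group are present or missing; the sample source, the group chosen and all function names are constructed here as assumptions.

```python
import ast

# Constructed sample (not the diary's sample) in the style the diary describes:
# a Python script reaching kernel32 directly through ctypes.
SAMPLE_SOURCE = '''
import ctypes
from ctypes import windll
k32 = ctypes.windll.kernel32
buf = k32.VirtualAlloc(0, 4096, 0x3000, 0x40)
ctypes.windll.kernel32.RtlMoveMemory(buf, b"abc", 3)
h = windll.kernel32.CreateThread(0, 0, buf, 0, 0, 0)
k32.WaitForSingleObject(h, -1)
'''

# One "API call group" worth flagging when its members appear together (allocate
# memory, copy into it, start a thread on it); extend with further groups as needed.
INJECTION_GROUP = {"VirtualAlloc", "RtlMoveMemory", "CreateThread"}
LOADERS = {"WinDLL", "CDLL", "OleDLL", "PyDLL"}  # ctypes loader classes, not Windows APIs

def _root_name(node):
    """Leftmost Name of an attribute chain: 'ctypes' for ctypes.windll.kernel32.X."""
    while isinstance(node, ast.Attribute):
        node = node.value
    return node.id if isinstance(node, ast.Name) else None

def _is_dll_handle(value, aliases):
    """True if an assigned value looks like a DLL handle (ctypes.windll.x or ctypes.WinDLL(...))."""
    if isinstance(value, ast.Attribute):
        return _root_name(value) in aliases
    if isinstance(value, ast.Call) and isinstance(value.func, ast.Attribute):
        return value.func.attr in LOADERS and _root_name(value.func) in aliases
    return False

def find_winapi_calls(source):
    """Set of Windows API names called through ctypes in `source` (static, heuristic)."""
    tree = ast.parse(source)
    aliases = {"ctypes", "windll", "cdll", "oledll"}
    for node in ast.walk(tree):  # pass 1: names bound to DLL handles, e.g. k32 = ctypes.windll.kernel32
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name) and _is_dll_handle(node.value, aliases)):
            aliases.add(node.targets[0].id)
    found = set()
    for node in ast.walk(tree):  # pass 2: calls whose attribute chain is rooted at one of those names
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            name = node.func.attr
            # Windows exports are CamelCase; lowercase attributes are ctypes helpers (cast, byref, ...)
            if _root_name(node.func) in aliases and name[:1].isupper() and name not in LOADERS:
                found.add(name)
    return found

def missing_from_group(source, group=INJECTION_GROUP):
    """Members of `group` not seen in `source`; an empty set means the whole group is present."""
    return group - find_winapi_calls(source)
```

Run it over a suspicious .py file as a triage step; an empty result from `missing_from_group` is the signal to look closer at what gets copied into the allocated buffer.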

Article Link: https://isc.sans.edu/diary/rss/26530