[SANS ISC] Keep an Eye on WebSockets

I published the following diary on isc.sans.edu: “Keep an Eye on WebSockets”:

It has been a while since I last spotted WebSockets used by malware. Yesterday I discovered an interesting piece of PowerShell: very small and almost undetected according to its VirusTotal score (2/54). A quick reminder for those who don’t know what a “WebSocket” is: when you perform a classic HTTP request to a server, it replies with some data and closes the connection. WebSockets let the client and server push messages at any time, without any relation to a previous request. Compared to HTTP, they allow bi-directional, full-duplex protocols over a single TCP connection…
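To watch for the switch from classic HTTP to a WebSocket on the same TCP connection, a defender can look for the opening handshake defined in RFC 6455. The following is an added example, not code from the diary: it goes slightly beyond the excerpt by checking the `Sec-WebSocket-Accept` value, and the function names, host name and sample traffic are constructed for illustration.

```python
import base64
import hashlib

# GUID fixed by RFC 6455 for deriving Sec-WebSocket-Accept from the client key
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"

# Constructed sample traffic (key/accept pair is the one given in RFC 6455)
WS_REQUEST = (b"GET /chat HTTP/1.1\r\nHost: example.test\r\n"
              b"Upgrade: websocket\r\nConnection: keep-alive, Upgrade\r\n"
              b"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
              b"Sec-WebSocket-Version: 13\r\n\r\n")
WS_RESPONSE = (b"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
               b"Connection: Upgrade\r\n"
               b"Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n")
PLAIN_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
PLAIN_RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"

def parse_http_head(raw: bytes):
    """Return (start_line, {lowercased header name: value}) for a raw HTTP head."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def expected_accept(key: str) -> str:
    """Sec-WebSocket-Accept = base64(SHA-1(key + GUID))."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def is_websocket_upgrade(request: bytes, response: bytes) -> bool:
    """True when the request/response pair is a completed WebSocket handshake."""
    req_line, req = parse_http_head(request)
    resp_line, resp = parse_http_head(response)
    # Connection may carry several tokens, e.g. "keep-alive, Upgrade"
    tokens = [t.strip().lower() for t in req.get("connection", "").split(",")]
    if not req_line.startswith("GET ") or "upgrade" not in tokens:
        return False
    if req.get("upgrade", "").lower() != "websocket":
        return False
    key = req.get("sec-websocket-key")
    status = resp_line.split(" ")
    if key is None or len(status) < 2 or status[1] != "101":
        return False
    return resp.get("sec-websocket-accept") == expected_accept(key)

if __name__ == "__main__":
    print("websocket pair:", is_websocket_upgrade(WS_REQUEST, WS_RESPONSE))
    print("plain pair:", is_websocket_upgrade(PLAIN_REQUEST, PLAIN_RESPONSE))
```

After a pair like this is seen, the rest of the connection carries WebSocket frames rather than HTTP messages, so request-based logging no longer records individual exchanges.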

The post [SANS ISC] Keep an Eye on WebSockets appeared first on /dev/random.
