I published the following diary on isc.sans.edu: “Python and Risky Windows API Calls“:
The Windows API is full of calls that are usually good indicators to guess the behavior of a script. In a previous diary, I wrote about some examples of “API call groups” that are clearly used together to achieve malicious activities. If it is often used in PowerShell scripts, here is an interesting sample in Python that uses the same technique. It calls directly Windows API though ‘ctypes’… [Read more]
The post [SANS ISC] Python and Risky Windows API Calls appeared first on /dev/random.
Article Link: https://blog.rootshell.be/2020/09/02/sans-isc-python-and-risky-windows-api-calls/