Data 2006

Hayao Miyazaki

2010.08.01 08:15 Hayao Miyazaki

A place to discuss legendary director, animator, and screenwriter Hayao Miyazaki.

2014.08.06 22:57 iloverust A Place for All Things Electrochemical

A resource to ask questions, give advice, and generally discuss topics related to Electrochemistry. Topics of focus include physical electrochemistry, corrosion, batteries, fuel cells, redox reactions, impedance, voltammetry, potentiostat use, and polarization. Both theory and application are welcome!

2019.06.29 18:52 ayejit Race Pill Science

A critical response to subreddits that attempt to subvert the distinction between empirical reality and racist role-playing/pornographic fantasy. Dedicated foremost to an honest and evidence-based discussion on the influence of race and colorism in dating, and, secondarily, to dissecting the hypermasculine BBC mythology serving at the core of dehumanized interracial fetishism.

2020.11.23 20:06 InQuestLabs d7897e83397b516dd80147df24cce46197388b84bbb8365b2adfe85d743df540

This post is a quick look at the following document which popped up on our RADAR today as "interesting":
It purports to be an invoice, as depicted here, but in actuality leads down a chain of pivots that results in the installation of a malicious Windows service pretending to be a McAfee AV Update task. The execution chain is as follows: Document to Remote Template to HTA to DLL.
Unzipping the OOXML file and examining the relative links (defanged), we see a remote inclusion of a template on a CloudFront domain. This is already quite suspect:
$ cat word/_rels/settings.xml.rels   
The template referenced above is available on InQuest Labs:
Use the following link to highlight interesting lines from the macro, within the template, also depicted below. Note that there are a number of pre-written filters available in the dropdown here.
Filtered Macro Lines
Note that the macro is seemingly going to install a new service, pretending to be a McAfee update service. That service appears to be defined by whatever is behind the following pivoting to another resource behind that same CloudFront domain:
The retrieved file is an HTA application that in turn contains two base64-encoded embedded payloads. First, let's look at the top of the HTA file, which moves the window off-screen to hide from the user:
    Test HTA