Have external hardware SATA data protection systems been used in production to deter ransomware attacks?

Data destruction via drive formatting, file modification, and file deletion is a critical element of an organization’s ability to rapidly recover from a breach. Perhaps the attacker’s signature can be detected and prevented from executing …

Is W^X enforced against UEFI DXE drivers (firmware)? Could it be if we tried?

W^X is a critical security feature, allowing us a chance to perform security analysis on data that some entity on a computer wants to execute.
Windows implements this by requiring a process to call VirtualProtect. Because UEFI rootkits are…

Are there any existing JTAG (hardware debugging) based malware detection systems, and if not, why?

JTAG

System software debug support is for many software developers the main reason to be interested in JTAG. Many silicon architectures such as PowerPC, MIPS, ARM, x86 built an entire software debug, instruction tracing, and data tracing …

Has exploitation been demonstrated against the fundamental constructs of the debugging process?

I’m curious to know if an attacker can fundamentally exploit the debugging process.
I’m not asking if specific debugging tools have been exploitable, surely some have, but rather whether the process of debugging – any and perhaps every deb…

Is there a way to record CPU operations for a given process as they occur in a standard, production OS environment?

Doing malware analysis I’m interested in being able to log every instruction the CPU executes for a given process. I was hoping this was perhaps possible in a standard VM environment, even if not possible in a bare-metal execution scenario…

Could blockchain be useful for a protocol to verify content from a trusted publisher in the way I’m thinking of? [closed]

The problem with static software whitelisting is that in the real world, employees with versatile jobs need to run unexpected programs. Company sets up a whitelist to limit what programs can run – cool, security! But next thing you know so…

Is it possible for a MITM to distinguish traffic from individual users on a VPN? [duplicate]

Activity coming from a VPN server outgoing traffic originates from the VPN’s public IP(s) so: (I assume through NATing) the VPN must be assigning some identifying information to the packets so it can know which users the incoming responses…