How do AV scanners in VirusTotal check if a file is malicious or not and how trustworthy is its report?

I have the following three questions regarding the VirusTotal service:

When I submit a file, sometimes it uploads the file extremely fast even for large files, how does it do it?

Does it only send the hash of the file to AV scanners/engi…

Can rootkits hide their internet usage from resource-manager and third-party software in Windows 10? If so, how?

Let's say I have the latest Windows 10 version. I also have DU Meter for checking my network usage.

I know that in Windows there is a linked list of processes that many rootkits tend to remove themselves from to hide from the …

If the x86 architecture has an overflow flag in the CPU, then why can't we use it to detect integer overflows in C binaries?

I’m talking about the overflow flag that is used in some architectures like x86:
https://en.wikipedia.org/wiki/Overflow_flag

Why aren't operating systems using this overflow flag to stop integer overflows?
What is the usag…
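The question above asks why the CPU's overflow flag is not simply used to catch integer overflows in C. The following is an added example, not part of the question post, that shows what the flag actually tells you: after a 32-bit ADD, x86 sets OF when the signed interpretation wrapped and CF when the unsigned interpretation wrapped, and it sets both on every add, because the instruction carries no notion of whether the C operands were signed or unsigned. Only the compiler knows the C type, and it emits a test of the right flag only when asked, here through GCC/Clang's `__builtin_add_overflow` and `__builtin_mul_overflow` (which become `add; jo` / `add; jc` on x86). The inline asm reads the flags directly on x86; on other architectures the same two flags are derived arithmetically. The function and struct names (`add32`, `add_flags`, `checked_add_s32`, `checked_add_u32`, `checked_alloc_size`) are mine, not from any library.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* One 32-bit ADD together with the two EFLAGS bits x86 sets for it.
 * The CPU always sets both; it has no idea whether the C operands were
 * signed or unsigned, so it cannot pick the one that matters. */
struct add_flags {
    uint32_t sum;
    bool cf;   /* carry flag: the unsigned interpretation wrapped */
    bool of;   /* overflow flag: the signed interpretation wrapped */
};

#if defined(__x86_64__) || defined(__i386__)
/* On x86, read CF and OF straight out of EFLAGS right after the ADD. */
static struct add_flags add32(uint32_t a, uint32_t b)
{
    struct add_flags r = { a, false, false };
    unsigned char cf, of;
    __asm__("addl %3, %0\n\t"
            "setc %1\n\t"
            "seto %2"
            : "+r"(r.sum), "=q"(cf), "=q"(of)
            : "r"(b)
            : "cc");
    r.cf = cf;
    r.of = of;
    return r;
}
#else
/* Portable fallback (assumption: same semantics, computed arithmetically). */
static struct add_flags add32(uint32_t a, uint32_t b)
{
    struct add_flags r;
    r.sum = a + b;                              /* unsigned wrap is defined in C */
    r.cf = r.sum < a;                           /* a carry came out of bit 31 */
    r.of = ((a ^ r.sum) & (b ^ r.sum)) >> 31;   /* result sign differs from both inputs */
    return r;
}
#endif

/* What the compiler emits only when asked. The signed version tests OF
 * ("add; jo" on x86), the unsigned version tests CF ("add; jc"): the
 * builtin knows the C type, so it knows which flag is the right one.
 * Both return true when the result is exact and store the wrapped value
 * in *out otherwise. */
static bool checked_add_s32(int32_t a, int32_t b, int32_t *out)
{
    return !__builtin_add_overflow(a, b, out);
}

static bool checked_add_u32(uint32_t a, uint32_t b, uint32_t *out)
{
    return !__builtin_add_overflow(a, b, out);
}

/* The classic allocation-size computation, count * elem_size, checked. */
static bool checked_alloc_size(size_t count, size_t elem_size, size_t *out)
{
    return !__builtin_mul_overflow(count, elem_size, out);
}

int main(void)
{
    /* 0x7FFFFFFF + 1: INT32_MAX + 1 as signed (OF=1), harmless as unsigned (CF=0). */
    struct add_flags x = add32(0x7FFFFFFFu, 1u);
    printf("0x7FFFFFFF + 1 = 0x%08X  CF=%d OF=%d\n", x.sum, x.cf, x.of);

    /* 0xFFFFFFFF + 1: UINT32_MAX + 1 as unsigned (CF=1), just -1 + 1 as signed (OF=0). */
    struct add_flags y = add32(0xFFFFFFFFu, 1u);
    printf("0xFFFFFFFF + 1 = 0x%08X  CF=%d OF=%d\n", y.sum, y.cf, y.of);

    int32_t s;
    if (!checked_add_s32(INT32_MAX, 1, &s))
        printf("signed add overflowed, wrapped to %d\n", s);

    size_t n;
    if (!checked_alloc_size(SIZE_MAX / 4 + 1, 8, &n))
        printf("allocation size overflowed; refuse to allocate\n");
    return 0;
}
```

The two `printf` lines in `main` are the whole answer to the question in miniature: the same machine instruction produces CF=0/OF=1 for one input pair and CF=1/OF=0 for the other, and nothing in the binary tells the OS which of those is a bug. Signed overflow is also undefined behaviour in C, so without `-ftrapv`, `-fsanitize=signed-integer-overflow` or explicit builtins the compiler may assume it never happens and optimise away naive after-the-fact checks such as `if (a + b < a)` on signed operands.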

Any good analysis tool for Wireshark captures to find malicious activities? (forensics) [on hold]

If someone has a Wireshark capture file (pcapng), and this is given to a professional digital investigator, how does he/she proceed to analyze a capture that has more than 200k packets and a lot of different IPs/ports?

Do y…

Do major ISPs still ignore IP spoofing?

I was reading this question:

Why don’t ISPs filter on source address to prevent spoofing?

and based on those answers, ISPs ignore it because of the overhead of checking for spoofing.

But that question is a bit old, so I wanted to check whether any development has been happening.

I just don't understand why it's so hard for ISPs to have the first hops check whether the source IP is valid, recording the IP given out by the DHCP server to check the validity of the IP. How can it be a big overhead?

For example, if someone starts spoofing a lot of IPs and does malicious activity like DDoS, will major ISPs detect it, or do they still not check?
