Zero-day prevention. Is there a Windows program that encrypts files on-the-fly, keeping only the currently open file decrypted?

I’m looking for a program for Windows that can securely store my code. The program should be able to encrypt my files on-the-fly, such that only the file I’m currently using is kept decrypted (mainly the current source file(s) I’m working …

How can an ELF binary call a Windows API from WSL(2) to deploy a payload?

In September 2021 Black Lotus Labs (BLL) posted a blog entry discussing a payload loader that was:

written in Python
compiled to an ELF exe using PyInstaller in Debian in WSL
and "injected into a running process using Windows API cal…

Are there any existing JTAG (hardware debugging) based malware detection systems, and if not, why?

JTAG

System software debug support is for many software developers the main reason to be interested in JTAG. Many silicon architectures such as PowerPC, MIPS, ARM, x86 built an entire software debug, instruction tracing, and data tracing …

Has exploitation been demonstrated against the fundamental constructs of the debugging process?

I’m curious to know if an attacker can fundamentally exploit the debugging process.
I’m not asking if specific debugging tools have been exploitable, surely some have, but rather whether the process of debugging – any and perhaps every deb…