Collaborate Disseminate
How can I as a trusted user of a middleman company (such as PhishTank) verify whether a phishing site is valid if the scam listens only on a unique referrer link(randomly created) and is blocking any other access methods?
I have a yara rule that looks for multiple strings in a file and fires if the count is greater than 3. But how would I change the condition statement to only fire if greater than 3 but less than 5?
Essentially I want somethi… Continue reading Yara condition count operator with wildcard
In a nutshell, it works by measuring how the resonant frequency, amplitude and scattering pattern of emitted microwaves are altered by any water, frost or ice that may be present on its surface. As a result, in lab tests, it was able to detec… Continue reading Sensor designed for aircraft detects ice formation in real time
I’ve read a few articles that describe the heuristic detection used by AVs as being either “weight-based” or “rule-based”. The weight-based aspect seems to make sense, but I don’t understand what “rule-based” detection is or how it works.
… Continue reading What is "rule-based" analysis in malware detection?
Isn’t it better to “open” our doors, ajar, leaving a bit of honey behind the door, instead of trying to close what makes it more interesting for the hacker to keep on the operation?
Maybe using a trap behind the open door?
… Continue reading Why are we still attempting to smart off hackers? [on hold]
This question already has an answer here:
Snort rules to detect Meterpreter sessions
2 answers
I’m currently working on S… Continue reading Snort rules to detect metasploit’s trojan [duplicate]
A lot of articles I read seem to lump behavioral detection together with heuristic detection. From what I know, one of the defining features of heuristic detection is that it can be used to detect new malware, but results in … Continue reading Are all "behavioral detection" of malware a form of heuristic detection?
My first question is this:
1) Antivirus software works using signature based detection. Signature based detection evaluates items (maybe not the right word?) based upon a big database of known threats. Software carries with i… Continue reading Antivirus and it’s role in detecting payload execution?
Currently, we are working on a Malware detection project specifically Ransomware detection. We are monitoring specific files, and we want to identify file handles and which processes are opening the files.
Our Environment co… Continue reading How to check for file handle for files and which process is modifying the file in real time using python on Windows?
After some personal research I didn’t find any possible way or a paper to explain how to determine what architecture a given piece of shellcode may targets. The only obvious way I found would be to disassemble it for various … Continue reading Determine what architecture a piece of shellcode targets