Collaborate Disseminate
Detecting infected files in a website or web application is very easy: you just need to compare the files with a clean backup or the original source (for example with diff) and that’s it. However, detecting an infection in a … Continue reading How can I detect an infection in a database?
In this 35C3 talk, it is said that while it is possible to manually inspect whether a package optimizes away memset() that clears sensitive memory, doing it automatically would be challenging. Assuming that the binary is comp… Continue reading What makes detection of optimized-away memory clearing non-trivial?
An old adage is that if an adversary physically accessed your system, you should consider it compromised. My question is, what if they could have, but you have no evidence they did?
For example, let us say that you were walk… Continue reading Should you consider a system compromised if someone could have physically accessed it, but you have no evidence they did?
Every article I have read on backdoor attack prevention says pretty much this:
Protecting against them may be difficult.
I am tired of reading how it can be ~difficult~ to protect against. Difficult is a fuzzy word. I w… Continue reading 100% detectable backdoor attacks on network
I’m working on my thesis and I have a couple questions about differences between heuristics-based and behavioral malware detection.
Does heuristics-based detection rely only on statically examining malcode in order to find s… Continue reading Heuristics-based vs behavioral malware detection
The malware does its best to obfuscate SEO injection in WordPress and evade notice from web admins. Continue reading WordPress Targeted with Clever SEO Injection Malware
When a customer talks with a representative of a company in a chat on a web-page, it is possible that they are actually sending every keystroke to their server before you hit the enter or click the send button.
You are barte… Continue reading Does Real-time typing view in chats invades privacy? Are there any detection and prevention methods?
When a customer talks with a representative of a company in a chat on a web-page, it is possible that they are actually sending every keystroke to their server before you hit the enter or click the send button.
You are barte… Continue reading Does Real-time typing view in chats invades privacy? Are there any detection and prevention methods?
This is a debate post, and not a position post. The question alluded therein (hey… I said “alluded therein” to sound like Dan Geer, no?) has been bugging us for some time, perhaps for 2+ years. However, we deferred this debate and hid… Continue reading Deception vs Analytics, or Can Analytics Catch True Unknown Unknowns?
Is there a way to detect if an agent Z is listening to (and acting on) messages from Y? I can observe the messages that Y sends and the actions that Z takes, but I know Z is also listening (and acting on) other messages that … Continue reading Detecting if an agent is listening to specific messages