Cato CTRL™ Threat Research: Foxveil – New Malware Loader Abusing Cloudflare, Discord, and Netlify as Staging Infrastructure

I like your approach; pre-execution prevention is far superior to post-execution one.
If I have reached the stage of post-execution prevention, I would reinstall Windows, regardless of whether the attack was aborted or not.

It's easy to achieve this level of prevention.
After hardening everything else (install and forget), you need to harden your browser + adblock.
 
  • Like
Reactions: Parkinsond
I'm getting near this level without extra hardening; I harden my brain with reading and avoiding the scenarios I have read about.
 
Believe me, it's not rewarding (you'll find that out for yourself in the future) to commit to strengthening your browser + adblock.
I avoid interacting with any webpage if its domain is unusual.
The same principle applies to avoiding the execution of any exploitable file extension, such as lnk, cmd, ps1, vbs, unless I have created it myself; then I'm not in need of SRP.
 
  • Like
Reactions: Andy Ful
If the malware reaches SAC or is blocked by the "Validate Admin Code Signatures" registry key, I would already have lost.
It must not get past the browser. ;)

You must find a way to put your flash drive in the browser or use only the web for storage. :)
 
  • +Reputation
Reactions: simmerskool
SAC can block such attacks. All samples were unsigned or had fake Microsoft certificates.
If you have verified that SAC is running in "On" mode on your specific machine, you are protected against Foxveil's dropped binaries. If you are on an older OS or your SAC is disabled or in "Evaluation" mode, you must rely on EDR/Antivirus and the manual IOC checks (Ports 9933/9934, AarSvc service, and SysWOW64\sms.exe) detailed in the telemetry.
 
  • Like
Reactions: simmerskool
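The SAC-state check and the manual IOC checks listed in the post above, as an added local triage script (this is not code from the Cato CTRL research or from anyone in this thread). Assumptions: the SAC mode is read from the VerifiedAndReputablePolicyState value under CI\Policy (0 = Off, 1 = On, 2 = Evaluation); the "Validate Admin Code Signatures" key from the earlier post is the UAC ValidateAdminCodeSignatures policy value; the ports, service name and file path are taken verbatim from the post and are treated as indicators to be reviewed, not as proof of compromise. AarSvc is also a legitimate per-user Windows service, so the script records its image and ServiceDll and only flags them when they sit outside the expected location or fail signature validation. Run from an elevated PowerShell on the machine being checked.

```powershell
# Added example: Foxveil triage checks from the thread (SAC state, UAC signature policy,
# ports 9933/9934, SysWOW64\sms.exe, AarSvc service). Not the researchers' code.
$findings = [System.Collections.Generic.List[string]]::new()

# 1. Smart App Control state (assumption: documented CI\Policy value, 0/1/2 = Off/On/Evaluation)
$ciPolicy = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy'
$sac = (Get-ItemProperty -Path $ciPolicy -Name VerifiedAndReputablePolicyState -ErrorAction SilentlyContinue).VerifiedAndReputablePolicyState
if ($sac -eq 1)     { Write-Host 'SAC: On (enforcing)' }
elseif ($sac -eq 2) { Write-Host 'SAC: Evaluation (not enforcing)'; $findings.Add('SAC in Evaluation mode') }
elseif ($sac -eq 0) { Write-Host 'SAC: Off'; $findings.Add('SAC disabled') }
else                { Write-Host 'SAC: value absent (OS without SAC)'; $findings.Add('SAC unavailable on this OS') }

# 2. UAC "Only elevate executables that are signed and validated" (ValidateAdminCodeSignatures)
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$validate = (Get-ItemProperty -Path $uacKey -Name ValidateAdminCodeSignatures -ErrorAction SilentlyContinue).ValidateAdminCodeSignatures
if ($validate -eq 1) { Write-Host 'ValidateAdminCodeSignatures: enabled' }
else { Write-Host 'ValidateAdminCodeSignatures: disabled'; $findings.Add('ValidateAdminCodeSignatures not set') }

# 3. Network indicators: any TCP connection or listener involving 9933/9934, with owning process
$ports = 9933, 9934
$conns = Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { ($ports -contains $_.LocalPort) -or ($ports -contains $_.RemotePort) }
foreach ($c in $conns) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $line = 'TCP {0}:{1} -> {2}:{3} [{4}] pid {5} ({6})' -f $c.LocalAddress, $c.LocalPort,
            $c.RemoteAddress, $c.RemotePort, $c.State, $c.OwningProcess, $proc.ProcessName
    $findings.Add($line)
}

# 4. File indicator: the dropped binary path from the post, with hash and signature status
$dropPath = Join-Path $env:SystemRoot 'SysWOW64\sms.exe'
if (Test-Path -Path $dropPath) {
    $sig  = Get-AuthenticodeSignature -FilePath $dropPath
    $hash = (Get-FileHash -Path $dropPath -Algorithm SHA256).Hash
    $findings.Add("Found $dropPath sha256=$hash signature=$($sig.Status) signer=$($sig.SignerCertificate.Subject)")
}

# 5. Service indicator: AarSvc (and its per-user AarSvc_<id> instances) is legitimately hosted in
#    System32\svchost.exe; flag a foreign image or an unsigned/unknown ServiceDll
$expectedHost = Join-Path $env:SystemRoot 'System32\svchost.exe'
Get-CimInstance -ClassName Win32_Service -Filter "Name LIKE 'AarSvc%'" | ForEach-Object {
    $image = if ($_.PathName -match '^"([^"]+)"') { $Matches[1] }
             elseif ($_.PathName -match '^(\S+?\.exe)') { $Matches[1] }
             else { $_.PathName }
    $imageStatus = if (Test-Path -Path $image) { (Get-AuthenticodeSignature -FilePath $image).Status } else { 'Missing' }
    if (($image -ne $expectedHost) -or ($imageStatus -ne 'Valid')) {
        $findings.Add("Service $($_.Name): image=$image signature=$imageStatus")
    }
    # Per-user instances share the template's Parameters key (strip the _<id> suffix)
    $template = $_.Name -replace '_[0-9A-Fa-f]+$', ''
    $dll = (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$template\Parameters" -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if ($dll) {
        $dll = [Environment]::ExpandEnvironmentVariables($dll)
        $dllStatus = if (Test-Path -Path $dll) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'Missing' }
        if ($dllStatus -ne 'Valid') { $findings.Add("Service $($_.Name): ServiceDll=$dll signature=$dllStatus") }
    }
}

# Summary: no findings means none of the thread's indicators were present, not that the host is clean
if ($findings.Count -eq 0) { Write-Host 'No Foxveil indicators from the thread observed.' }
else { Write-Host "Findings ($($findings.Count)):"; $findings | ForEach-Object { Write-Host " - $_" } }
```

The script deliberately reports rather than remediates: a hit on 9933/9934 or on the file path is a reason to pull the binary and the owning process for analysis, and an unsigned ServiceDll under AarSvc is a reason to compare it against a known-good Windows image, but neither by itself confirms the loader described in the research. On a host where SAC reports Off or Evaluation, the first finding is the one to act on regardless of the rest.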

Considering that no one questions the importance of SAC, Anti-Exploit, MD... I would like to know how many interventions of such protections you have seen on your PC (obviously not those controlled by you)?

I purchased this PC in July 2021 and since then I have seen videos:

0 preventive interventions

It may be that other users have had different experiences, I don't doubt that, but this is my experience.

I attribute this result to the settings of the two browsers I use.

;)
 
  • Like
Reactions: Parkinsond
Your custom ad-block rules and script blockers won't save you when you voluntarily download a payload that turns out to be ransomware. They won't stop a supply-chain attack from completely different software you've installed, and they won't stop a malicious email attachment.

More importantly, those custom rules won't do a damn thing against a zero-day browser exploit. If there's an unpatched vulnerability in the rendering engine, a maliciously crafted page can trigger a remote code execution (RCE) before your extension even wakes up to filter it.

You’re essentially saying, 'I haven't been robbed yet, so I don't need locks on the doors, just a really good gate at the driveway.'

But sure, since we're relying on subjective hearsay and anecdotal logic. How many of you have crashed your car this year? None? Perfect. Go ahead and rip out the airbags and cut your seatbelts. Clearly, your defensive driving is the only safety feature you'll ever need.