Cylance, Predictive Advantage
Eddie Morra wrote (post 773385):

Malware authors who can get their hands on Cylance properly and have the necessary skill-set will be capable of doing what you are saying, but it is going to be a huge lot harder than it would normally be. The reason for this is because... they do not know how Cylance's AI system is trained (e.g. the data which is being put in to train it) and thus they have to spend an extreme amount of time performing trial and error, and they may never actually succeed.

An easier solution would be to develop the threat from scratch whilst checking with Cylance for each individual component as it is being implemented, so they can start to pinpoint which part of the attack is causing the detection. This can be done without restarting the threat from scratch, but it might be tricky if the organisation was bad, and from what I've seen... malware authors usually have bad organisation skills.

There's another issue even if you can get the detection to disappear based on the AI system: the endpoint version of Cylance (at least) does have dynamic mitigations for various behaviour which can be enabled in the configuration, and thus it can catch out certain behaviour from unknown/untrusted processes in real time. You'll need a specific skill-set to start getting your way around this... which means you're going to need to be experienced in Windows internals, or have someone who is - and they need to be better than those working at Cylance to find a way to evade the detection scope of the dynamic mitigations (e.g. an alternate way that may have been missed by Cylance) or be capable of finding an exploitable vulnerability/other work-around.

Anyway, unless the attack is specifically crafted and targeted for people using Cylance, it is going to be tricky business, because what works for bypassing Cylance (excluding dynamic mitigations for the endpoint version) likely will not roll for other, unlike-Cylance vendors and vice versa.