App Review Malware Obfuscation Part 1

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
cruelsister
That's gonna create a more suspicious file as opposed to firing up Visual Studio or whatever you like using and statically linking the runtime. The method you are describing is gonna create an executable that looks awfully like a packer + dropper (low trust, very few imports, abnormal .resource section), whilst if you go for the static linking it is still a low-trust executable, but the script will likely go in .rdata whilst the interpreter will be precompiled in the .text section.

Lua, unlike Python, seems to allow very easy static linking.

Depending on how the Lua environment behaves in the scenario you are describing, if it is dropped in temp or loaded via reflective injection it will be even more suspicious and unlikely to survive an encounter with typical AVs.
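The layout contrast in the post above (interpreter compiled into .text with the script as plain text in .rdata, versus a dropper with almost no imports and an odd resource section) is exactly what a static triage looks at before any reputation check. The following is an added example in Python, not code from the post's author or from any product: a minimal PE32+ parser that reads the section table and the import directory, computes per-section entropy, and flags the two tells. It is run over two constructed stand-in files that the same script builds; the builder, the sample import lists, and the thresholds (fewer than 10 named imports, section entropy above 7.0 bits per byte) are my assumptions, not a standard.

```python
import hashlib, math, struct

FILE_ALIGN = 0x200

def entropy(data):
    """Shannon entropy in bits per byte; near 8.0 means compressed or encrypted."""
    n = len(data) or 1
    counts = [data.count(bytes([b])) for b in range(256)]
    return 0.0 - sum(c / n * math.log2(c / n) for c in counts if c)

def build_imports(base_rva, dlls):
    """Test-file builder: descriptor array at base_rva, then per DLL its hint/name
    entries, 64-bit thunk array and name string; returns (bytes, descriptor size)."""
    desc_size, blob, descs = 20 * (len(dlls) + 1), bytearray(), b""   # +1: null terminator
    for dll, funcs in dlls.items():
        name_rvas = []
        for f in funcs:
            name_rvas.append(base_rva + desc_size + len(blob))
            blob += struct.pack("<H", 0) + f.encode() + b"\0"           # hint, name, NUL
        thunk_rva = base_rva + desc_size + len(blob)
        blob += b"".join(struct.pack("<Q", r) for r in name_rvas) + b"\0" * 8
        dll_rva = base_rva + desc_size + len(blob)
        blob += dll.encode() + b"\0"
        descs += struct.pack("<IIIII", thunk_rva, 0, 0, dll_rva, thunk_rva)
    return descs + b"\0" * 20 + bytes(blob), desc_size

def build_pe(sections, import_rva=0, import_size=0):
    """Test-file builder: a minimal PE32+ image from (name, rva, data) triples; only the
    header fields a static triage reads are filled in."""
    nsec = len(sections)
    hdr_size = -(-(0x40 + 4 + 20 + 240 + 40 * nsec) // FILE_ALIGN) * FILE_ALIGN
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, nsec, 0, 0, 0, 240, 0x22)
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII", 0x20B, 14, 0, 0, 0, 0, 0x1000,
                      0x1000, 0x140000000, 0x1000, FILE_ALIGN, 6, 0, 0, 0, 6, 0, 0,
                      0x1000 * (nsec + 1), hdr_size, 0, 2, 0, 0x100000, 0x1000, 0x100000,
                      0x1000, 0, 16)
    dirs = [(import_rva, import_size) if i == 1 else (0, 0) for i in range(16)]  # dir 1 = imports
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    table, raw, ptr = b"", b"", hdr_size
    for name, rva, data in sections:
        rsize = -(-len(data) // FILE_ALIGN) * FILE_ALIGN
        table += struct.pack("<8sIIIIIIHHI", name, len(data), rva, rsize, ptr, 0, 0, 0, 0, 0x60000020)
        raw += data.ljust(rsize, b"\0")
        ptr += rsize
    return (dos + b"PE\0\0" + coff + opt + table).ljust(hdr_size, b"\0") + raw

def triage(pe):
    """Parse a PE32+ section table and import directory, then apply two common static
    triage heuristics (the 10-import and 7.0-bit thresholds are my assumptions)."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    nsec, opt_size = struct.unpack_from("<H12xH", pe, e_lfanew + 6)
    opt = e_lfanew + 24
    assert struct.unpack_from("<H", pe, opt)[0] == 0x20B, "PE32+ only"
    imp_rva = struct.unpack_from("<I", pe, opt + 120)[0]                 # import directory RVA
    secs = []
    for i in range(nsec):
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", pe, opt + opt_size + 40 * i)
        secs.append({"name": name.rstrip(b"\0").decode(), "va": va, "span": max(vsize, rsize),
                     "raw": rptr, "entropy": round(entropy(pe[rptr:rptr + min(vsize, rsize)]), 2)})
    def off(rva):                                                        # RVA -> file offset
        s = next(s for s in secs if s["va"] <= rva < s["va"] + s["span"])
        return s["raw"] + rva - s["va"]
    def cstr(o):
        return pe[o:pe.index(b"\0", o)].decode()
    imports, d = {}, (off(imp_rva) if imp_rva else None)
    while d is not None:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", pe, d)
        if not name_rva:                                                 # null descriptor ends the list
            break
        funcs, t = [], off(oft or ft)
        while (entry := struct.unpack_from("<Q", pe, t)[0]):
            # bit 63 set = import by ordinal; otherwise an RVA to hint(2) + name
            funcs.append("#%d" % (entry & 0xFFFF) if entry >> 63 else cstr(off(entry) + 2))
            t += 8
        imports[cstr(off(name_rva))] = funcs
        d += 20
    nfunc = sum(len(v) for v in imports.values())
    findings = ["only %d named imports: packer/dropper-like" % nfunc] if nfunc < 10 else []
    findings += ["%s entropy %.2f: packed or encrypted payload" % (s["name"], s["entropy"])
                 for s in secs if s["entropy"] > 7.0]
    return {"sections": secs, "imports": imports, "findings": findings}

def make_sample(script, dlls, resource):
    """Constructed PE: fixed stub .text, script + import table in .rdata, blob in .rsrc."""
    imports, desc_size = build_imports(0x2000 + len(script), dlls)
    return build_pe([(b".text", 0x1000, b"\x48\x89\x5c\x24\x08" * 64), (b".rdata", 0x2000, script + imports),
                     (b".rsrc", 0x3000, resource)], 0x2000 + len(script), desc_size)

# Constructed stand-ins, not real samples: a statically linked interpreter keeps its script as
# plain text in .rdata beside an ordinary import table; a dropper imports almost nothing and
# carries a high-entropy blob in .rsrc (here 128 chained SHA-256 digests, a deterministic stand-in).
INTERP = make_sample(b'print("hello from embedded script")\0', {
    "KERNEL32.dll": ["CreateFileW", "ReadFile", "WriteFile", "CloseHandle", "GetLastError", "HeapAlloc",
                     "HeapFree", "GetStdHandle", "ExitProcess", "GetModuleHandleW", "GetCommandLineW", "VirtualQuery"],
    "MSVCRT.dll": ["fopen", "fread", "malloc", "free", "strlen", "memcpy"]}, b"\0" * 64)
DROPPER = make_sample(b"", {"KERNEL32.dll": ["LoadLibraryA", "GetProcAddress", "VirtualAlloc"]},
                      b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128)))
```

Calling `triage(INTERP)` returns no findings: the script is readable in .rdata and the import table looks like any console program. `triage(DROPPER)` returns two: three named imports (the LoadLibraryA/GetProcAddress pair that resolves everything else at runtime) and a .rsrc section near 8 bits per byte. Real files differ in detail (PE32 uses 4-byte thunks and keeps the import directory at offset 104 of the optional header; many packers zero the import table entirely and rebuild it in memory), so treat the flags as triage hints rather than verdicts. The entropy figure is what heuristic engines and sandboxes mean when they call a binary "packed", which is why a plain-text script next to a statically linked interpreter reads as less suspicious than a compressed payload in the resource section.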
My point is not to be argumentative, which I do not think you saw it as. My intent was only to present one of the multitude of options threat actors have, and the most determined and persistent will attempt to accomplish their objectives. For run-of-the-mill threat actors on the dark web that subscribe to services, not so much: they just do the "Spray and Pray" method.

The persistent and thorough are usually determined enough that they will keep trying until they succeed, and I do not mean just for targeted attacks. The motivation is money, and there is so much money to be made that the motto "Just don't give up" is something like a lottery ticket with a big payoff.

One can convert PowerShell, Python, Lua, or any other scripting language into an executable (.exe or other equivalent execution type) file, all with various degrees of "ease of success" dependent upon how it was done, and most importantly what the malicious executable is attempting to do and how it is doing it on the system.

Nothing I have said is revolutionary nor does any of it automatically guarantee success or failure - because it is all so high level. We'd have to have a pile of samples to reverse engineer and figure out how and why some succeeded where others failed and separate those that did not work - they were executed and just sat there broken or just did nothing. None of this stuff is obvious nor does it have a "linear" learning curve.
 
I agree; scenarios like these are usually extreme situations, extreme malware, extreme samples that most of us will never run into or experience in our daily lives.
But, it makes for great debate :)
The focus is always "How and why the malware bypassed this, that, and the other."

Virtually never is there even a glint of discussion about "What can the malware do?"

Well, nowadays there is malware out there that can literally rob you of your entire life.

Jedem Das Seine. To Each Their Own. But relying upon a low probability that it will happen to protect you is something way less than "security by obscurity" and it will not save a person, their family, and many of their assets. After the loss or losses happen, it is almost 100% that the assets (or very valuable data) shall never be recovered. For victims of identity theft, even with insurance coverage, that process takes years, time away from work, working with investigators, appearances in arbitration or court, and so on, and so on.

If it takes a person just a few minutes to erect a powerful chicken fence to keep out 99.999% of foxes and other predators, it makes no sense not to do so.

However, again, Jedem Das Seine.
 
Thank you for your reply, I appreciate it. Could you also answer this question, please (a bypass question), as I did post it in sincerity. TIA :)
 
The antivirus software that detects by reputation is also not affected by obfuscation; in fact, the more frequently you mutate the code, the more likely you are to get a block.
Can I interpret your above statement to mean VoodooShield and/or PC Matic would fix this or be the solution?
 
Panic erupted when @cruelsister's "BEAR" bomb went off... Everyone's frantically searching for the defuse button—PAWS the unBEARable chaos... HUG COMODO! 😊

It is rather like a video clip about a bear attacking a man in Alaska. People are frightened even in the Sahara.
 
God knows which one will work, but at least I seek the one with higher odds of working.
Mercedes works, Lada also works, but if I can afford it, I will seek the Mercedes.
@Shadowra should test the various deny-by-default products head to head, including some of the 139 known malicious file types, along with a false positive / usability test.

Then we will all know which ones drive like a Mercedes ;).
 
He needs a license for PC Matic.
 
Is there any browser extension, any AV browser extension, or NextDNS filter setting (block NRDs) that would have the potential to stop this type of exploit at the browser level, as this file was already on the desktop?
They are all reputation-based blocking or detection and filtering. Same goes with DNS, which is filtering and there's a lot of wonkiness to it. It is not anywhere near the simplistic assumptive thinking of the average human - even the "advanced users." In other words, there's nothing that you can really depend upon with a high level of confidence as far as browser extensions.

The only way to cover the most potential threats and survive is default deny and knowledge.

One can adopt and adhere to a highly effective manual security process, but most people just want to install something and call it a day because they expect software to do it all for them.
