Of LoLBins, 0 Days, and ESET (Part 2)
<blockquote data-quote="cruelsister" data-source="post: 1084083" data-attributes="member: 7463">
<p>To clarify things, the real reason behind the last 2 videos (and they were always intended to be a set) was to highlight the clear and present danger that Living off the Land techniques pose not just for the individual, but to society at large (a point stressed by the FBI Director to Congress last week).</p>
<p>The concern over utilizing legitimate Windows binaries for foul purposes, and the need to protect against them, has been a major concern of Microsoft for a number of years, and they have taken steps against LOL techniques (thus Defender easily fended off the attack in Video 1):</p>
<p>Example: <a href="https://www.microsoft.com/en-us/security/blog/2018/09/27/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av/" target="_blank">Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV | Microsoft Security Blog</a></p>
<p>Governments are also concerned, as they have reasons to believe Critical Infrastructure is at risk. From the NSA:</p>
<p><a href="https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3669159/combatting-cyber-threat-actors-perpetrating-living-off-the-land-intrusions/" target="_blank">Combatting Cyber Threat Actors Perpetrating Living Off the Land Intrusions</a></p>
<p>In the statement it is noted that the Cybersecurity and Infrastructure Security Agency (CISA) urges software manufacturers to implement secure-by-design rules in their software, to reduce the prevalence of weak default configurations.</p>
<p>Finally, about the malware used in this video: the entry point was a LoLBin; this opened the door to a fileless malware attack which would not have been successful if the product tested had been aware of the initial entry, and in these times ignorance is sub-optimal (ESET: knock, knock).</p>
</blockquote>