Ten Process Injection Techniques

509322

Thread author
OK, since I used F-Secure, I did some searching and found a white paper about DeepGuard! It seems it can detect these attacks. @shmu26 keep calm and buy F-Secure :p
https://www.f-secure.com/documents/996508/1030745/deepguard_whitepaper.pdf
2.1 Process monitoring

Applications are monitored for a number of suspicious actions, including (but not limited to):

  • Modifying the Windows registry
  • Editing files in certain critical system directories
  • Injecting code in another process's space
  • Attempting to hide processes or replicate themselves

As legitimate programs will also perform such actions from time to time, DeepGuard does not red-flag a program on the basis of a single action but instead watches for multiple suspicious operations. Once a critical threshold of suspect actions is reached, DeepGuard will block the process from continuing. If available, file reputation and prevalence rating information from the Security Cloud is taken into account to determine this critical threshold. For example, DeepGuard treats files with a low-prevalence rating more aggressively by lowering the critical threshold of suspicious actions that can be performed before the file is blocked.

DeepGuard is more than that (just take a look at the PDF)! So worth the price.

If documentation states "protects against code injection," that does not mean it protects against any and all code injection techniques. Just like most things in life, you have to qualify it first to know exactly and precisely what it means.
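To make the whitepaper excerpt and the caution above concrete, here is an added example (not F-Secure code, and not their real weights, thresholds or prevalence cutoffs; every number below is an assumption) of a threshold-based behaviour monitor: each suspicious action adds to a per-process score, no single action blocks by itself, and a low prevalence rating lowers the threshold that triggers a block.

```python
"""
Illustrative threshold-based behaviour monitor in the spirit of the
DeepGuard description quoted above. Added example: not F-Secure code,
and the weights, thresholds and prevalence cutoff are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Suspicious actions named in the whitepaper excerpt, with assumed weights.
SUSPICIOUS_ACTIONS = {
    "registry_modify": 1,
    "critical_dir_write": 2,
    "code_injection": 3,
    "process_hide": 3,
    "self_replicate": 3,
}

# Assumed thresholds: a single action is never enough on its own.
DEFAULT_THRESHOLD = 6
LOW_PREVALENCE_THRESHOLD = 4   # rare files are treated more aggressively
LOW_PREVALENCE_CUTOFF = 1000   # assumed: "low prevalence" = seen on fewer machines


@dataclass
class ProcessState:
    score: int = 0
    actions: list = field(default_factory=list)
    blocked: bool = False


def threshold_for(prevalence):
    """prevalence None = no Security Cloud data; fall back to the default."""
    if prevalence is not None and prevalence < LOW_PREVALENCE_CUTOFF:
        return LOW_PREVALENCE_THRESHOLD
    return DEFAULT_THRESHOLD


def evaluate(events, prevalence):
    """
    events: iterable of (pid, action) tuples in observed order.
    prevalence: {pid: number of machines the file was seen on} (may lack a pid).
    Returns {pid: ProcessState}; once blocked, a process scores no further events.
    """
    states = defaultdict(ProcessState)
    for pid, action in events:
        st = states[pid]
        if st.blocked or action not in SUSPICIOUS_ACTIONS:
            continue
        st.actions.append(action)
        st.score += SUSPICIOUS_ACTIONS[action]
        if st.score >= threshold_for(prevalence.get(pid)):
            st.blocked = True
    return dict(states)


# Constructed sample telemetry (not real data).
SAMPLE_EVENTS = [
    (100, "registry_modify"),     # common installer: registry + system dir write
    (100, "critical_dir_write"),
    (100, "file_read"),           # not a tracked action, ignored
    (200, "registry_modify"),     # rare dropper: registry write, then injection
    (200, "code_injection"),
    (200, "process_hide"),        # arrives after the block, never scored
    (300, "code_injection"),      # widely-seen tool doing one injection
]
SAMPLE_PREVALENCE = {100: 500_000, 200: 3, 300: 2_000_000}

if __name__ == "__main__":
    for pid, st in sorted(evaluate(SAMPLE_EVENTS, SAMPLE_PREVALENCE).items()):
        print(pid, "BLOCKED" if st.blocked else "allowed", st.score, st.actions)
```

Note what this model does and does not catch: the rare process 200 is blocked after two actions because its threshold was lowered, while process 300 performs one code injection and is left alone because its prevalence is high and a single action never crosses the threshold. That is exactly why "protects against code injection" has to be qualified: a scoring design trades per-technique coverage for fewer false positives on legitimate software.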
 

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,782
If documentation states "protects against code injection," that does not mean it protects against any and all code injection techniques. Just like most things in life, you have to qualify it first to know exactly and precisely what it means.
So what kind of software can detect at least 90% of these exploits and attacks? I guess only enterprise-grade software, right?
 

509322

Thread author
So what kind of software can detect at least 90% of these exploits and attacks? I guess only enterprise-grade software, right?

The short answer is "None." Malc0ders are constantly finding new ways to bypass security softs. You cannot create an "impenetrable fortress." It just ain't technologically nor logistically possible. "Impenetrable PC" = one that is never plugged-into a power outlet.

If you mean specifically the 10 methods in that linked article, honestly I do not know. Yes, I guess that is what you asked specifically.

Is it something that you need to worry about? The short answer again is "No." The probability that nothing bad will happen is always working in favor of the end user who uses solid protection.

Do you understand why worrying about IT security reports is a waste of your mental and emotional energies?
 

Sunshine-boy

You cannot create an "impenetrable fortress."
Thanks for your explanations. I know that, I just wanted to know. I know these things will not happen to me, I'm just curious :p
Do you understand why worrying about IT security reports is a waste of your mental and emotional energies?
I know what you mean. OK, I will not think about these things anymore <3. Sir Umbra posts these topics on purpose to make us sick :p
 

509322

Thread author
I know what you mean. OK, I will not think about these things anymore <3. Sir Umbra posts these topics on purpose to make us sick :p

@Umbra posted it to educate. Knowledge is power. You don't need to understand at the coding level, just the overall security concepts for better awareness. Combine user awareness/knowledge with security softs and that is the best solution of all.
 

509322

Thread author
I know what you mean. OK, I will not think about these things anymore <3. Sir Umbra posts these topics on purpose to make us sick :p

IT security sites over-dramatize. They almost never explain, for example, "with this here specific exploit the vast majority of home users do not need to do anything on their systems and need not worry." Those kinds of important details are never mentioned.
 

Sunshine-boy

@Umbra posted it to educate. Knowledge is powerful. Combine user awareness/knowledge with security soft and that is the best solution of all.
lol, I know, I'm joking.
I already read about these things, but for a limited time. I tried to forget it, but again when I saw this topic.. :p
 

509322

Thread author
I'm not sick lol! Just normal like others, everyone wants to know how to detect these things.. it's not paranoid!

A lot of people on the forums wear a tinfoil hat.

 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,140
IDK about Kaspersky, I never used it (is there any white paper for the Kaspersky behavior blocker?). Someone should test BD (free), F-Secure, KIS, AVG (free) and EMSI!
I believe if you check the video section here you can find that they have already been done.
 

Sunshine-boy

They tested against ransomware or smth like that (if I'm not wrong); there is no test about exploits! Or memory attacks?! I don't (usually) watch the videos because I don't have bandwidth, I just read the comments and the subject :)
 

509322

Thread author
They tested against ransomware or smth like that (if I'm not wrong); there is no test about exploits! Or memory attacks?! I don't (usually) watch the videos because I don't have bandwidth, I just read the comments and the subject :)

The article provides hashes for 10 samples that attack using the corresponding code injection technique. Find the samples and then test the software you are interested in against them. You have to set up the security soft correctly to get the testing right.
 

509322

Thread author
Here is what you need to test. Use the SHA256 and locate the sample with it. The hard part will be finding the samples. I would be really surprised if more than 1 or 2 of the samples can be easily located using the usual sources that people here use.

[attachment: ten_process_injection_matrix_0.png]
 

Sunshine-boy

man
Here is what you need to test. Use the SHA256 and locate the sample with it. The hard part will be finding the samples. I would be really surprised if more than 1 or 2 of the samples can be easily located using the usual sources that people here use.

Many thnx, was searching for smth like that. Thank you :)
 
