- Apr 13, 2013
- 3,147
A really nice 48 minute Documentary on Malware, Hacking, etc by VPRO (the Dutch public broadcasting organisation).
Zero days - security leaks for sale (VPRO Backlight)
- Thread starter cruelsister
- Start date
- Apr 17, 2016
- 36
Excellent movie. Thanx for link
@cruelsister: do you have any recommandation on fileless infections ? I use CFW with youre settings applied.
@cruelsister: do you have any recommandation on fileless infections ? I use CFW with youre settings applied.
Last edited:
- Mar 15, 2011
- 13,070
I've watched it yesterday, and the valid points are already observed.
The thing of zero days for me is like a manipulation process in order to make security companies pay attention to their process techniques however that cycle is just happening all over again without any concrete solution.
The thing of zero days for me is like a manipulation process in order to make security companies pay attention to their process techniques however that cycle is just happening all over again without any concrete solution.
- Apr 17, 2016
- 36
here is good insider look at 0-day "industry" Hacking Team: a zero-day market case study
there is some big money involved .... i am afraid that there is so mouch of unknown exploit out there that default deny policy is only survivable tactic ... even decision based on sandboxing is not an option anymore since more and more of such a "programs" detect virtualization and behave (until we let them into live system) .... and additional problem is that there if stuff with valid digital certificate and signature around ... but since most of the 0day clients are gov users signature and/or digi cert is not a problem i think ...
there is some big money involved .... i am afraid that there is so mouch of unknown exploit out there that default deny policy is only survivable tactic ... even decision based on sandboxing is not an option anymore since more and more of such a "programs" detect virtualization and behave (until we let them into live system) .... and additional problem is that there if stuff with valid digital certificate and signature around ... but since most of the 0day clients are gov users signature and/or digi cert is not a problem i think ...
- Apr 13, 2013
- 3,147
Very excellent points. One thing that I've noticed is that since Sandboxie was acquired by Invincea there has been an increasing number of malware that will check for sbiedll.dll. A current example is Powersniff- if the Sandboxie dll is found the malware will play innocent hoping the user tries it outside of the box.
And regarding digitally signed malware- I'm starting a RAT series this weekend that will use a valid certificate.
And regarding digitally signed malware- I'm starting a RAT series this weekend that will use a valid certificate.
- Aug 2, 2015
- 4,286
- Apr 17, 2016
- 36
@cruelsister: so do you think that current Commodo online file validation is usseles, since is based on digital signature? Shuld we disable "trust aplications signed by trusted vendors" ? I already disabled sandox and set up auto sandbox to block ALL unknown files from ALL locations .
Similar threads
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
