Zero days - security leaks for sale (VPRO Backlight)

I watched it yesterday, and the valid points have already been observed.

The thing about zero days, for me, is that it is like a manipulation process in order to make security companies pay attention to their process techniques; however, that cycle just keeps happening all over again without any concrete solution.
 
Here is a good insider look at the 0-day "industry": Hacking Team: a zero-day market case study

There is some big money involved .... I am afraid that there are so many unknown exploits out there that a default deny policy is the only survivable tactic ... even a decision based on sandboxing is not an option anymore, since more and more of such "programs" detect virtualization and behave (until we let them into the live system) .... and an additional problem is that there is stuff with a valid digital certificate and signature around ... but since most of the 0-day clients are gov users, a signature and/or digital cert is not a problem, I think ...
 
Very excellent points. One thing that I've noticed is that since Sandboxie was acquired by Invincea there has been an increasing number of malware that will check for sbiedll.dll. A current example is Powersniff: if the Sandboxie DLL is found, the malware will play innocent, hoping the user tries it outside of the box.

And regarding digitally signed malware: I'm starting a RAT series this weekend that will use a valid certificate.
 
@cruelsister: so do you think that the current Comodo online file validation is useless, since it is based on digital signatures? Should we disable "trust applications signed by trusted vendors"? I already disabled the sandbox and set up auto-sandbox to block ALL unknown files from ALL locations.