Reactive Progress and Tradecraft Innovation

Detection as Prediction

The overarching goal of a security operations program is to prevent or mitigate the impact of an attacker gaining unauthorized access to an IT environment. In service of this mission, ...

Adaptable ‘Swiss Army Knife’ Malware a Growing Threat

There is a worrying rise in multipurpose malware, which can perform a variety of malicious actions and is adept at evasion, lateral movement and data encryption. These were among the findings of ...
Security Boulevard

Learning Machine Learning Part 3: Attacking Black Box Models

In the first post in this series we covered a brief background on machine learning, the Revoke-Obfuscation approach for detecting obfuscated PowerShell scripts, and my efforts to improve the dataset and models ...

Trickbot Malware Using Screen Resolution Checks as Anti-VM Tactic

Security researchers spotted Trickbot malware checking the screen resolution as a means of evading analysis on a virtual machine (VM). Digital security firm MalwareLab came across a sample of the trojan that ...

Miscreant Hackers Co-Opt CAPTCHAs

In a masquerade and redirection ploy typically utilized by land, sea (surface and submersible), air and (highly likely) space warfare professionals, comes word of the same tactic ...

Firewall Evasion Techniques and Countermeasures

Life finds a way. This is one of my favorite quotes from one of my favorite movies and books, Jurassic Park. Internet traffic, like life, will break free and expand to new ...

Firewall Evasion with UDP (PingTunnel)

This is a follow-up post to using PingTunnel to bypass security controls by tunneling traffic over ping. For this example we will use the same tool but do it over UDP ...

Firewall Evasion with ICMP (PingTunnel)

Most networks today use a network-based access control system to permit certain traffic and deny the rest. Since the inception of firewalls and web filters, users (and malware) working behind them have ...