The “Early Bird Special” – a new twist on the “Early Bird” injection technique

Posted on 2019-10-102019-11-25 by Avi Lamay

There are many injection techniques used by malware authors, from simply calling CreateRemoteThread to advance ones like AtomBombing, PROPagate & others. How basic DLL injections work? Usually when a malware initiates a DLL injection, it does the following Open or create a process for injection (via CreateProcess/OpenProcess API calls) Allocate memory in said process (via Read more about The “Early Bird Special” – a new twist on the “Early Bird” injection technique[…]

Deception in real-world situations

Posted on 2019-09-042019-09-04 by Avi Lamay

A few days ago it was reported that Israel’s Defense Forces has used deception against Hezbollah, making the latter believe its strike against the IDF was successful and caused several injured soldiers. It’s not the first time deception has been used to trick enemies and in other dangerous situations, here are some examples… #1 – Read more about Deception in real-world situations[…]

Endpoint protection & misconceptions

Posted on 2019-07-092019-07-09 by Avi Lamay

#1 – Agentless is not really agentless While it’s true that with agentless products you don’t install the vendor’s components on the endpoint itself, the vendor’s server still utilizes existing OS functionality and built-in “agent” to perform the security tasks that are usually implemented in a dedicated agent. This means that the endpoint’s resources are Read more about Endpoint protection & misconceptions[…]

Tricks used by malware authors to protect their malicious code from detection

Posted on 2018-07-092018-07-09 by Avi Lamay

In our last two posts we’ve shown how vendors like Symantec and Microsoft (among others) miss detecting threats due to the nature of how their engines operate. So how do malware authors know if an environment is safe for them to attack or not? There are plenty of indicators about a system that they check Read more about Tricks used by malware authors to protect their malicious code from detection[…]

Deceptive Bytes found detection issues in Microsoft’s Windows Defender

Posted on 2018-06-142018-06-14 by Avi Lamay

Symantec’s Endpoint Protection is not the only Anti-malware engine that has issues related to detection, as we stated before. We have found issues with Microsoft’s Windows Defender engine, which is integrated into Windows since Vista. Test-case: Microsoft Windows Defender Let’s look at Windows Defender and cases where it missed detecting potential threats. Malicious macros In Read more about Deceptive Bytes found detection issues in Microsoft’s Windows Defender[…]

Deceptive Bytes found detection issues in Symantec Endpoint Protection

Posted on 2018-05-172018-05-17 by Avi Lamay

In previous posts we explained that traditional Anti-malware software is not working anymore and we gave tips on how to improve your security with non-security tools. But why is your Anti-malware not enough? One of the reasons is that it doesn’t handle changes too well (which is commonplace knowledge among security experts). Background Malware uses Read more about Deceptive Bytes found detection issues in Symantec Endpoint Protection[…]

Smartrev’s Israeli cyber startup observatory (Jan-2018)

Posted on 2018-02-112018-04-30 by Avi Lamay

We were recently listed in Smartrev Cybersec‘s first Israeli cyber startup observatory (Jan-2018 edition) Go to CyberStartupObservatory.com to learn more about Israel’s cyber startup landscape.

Interview with vpnMentor

Posted on 2018-01-152018-04-30 by Avi Lamay

We recently talked to vpnMentor, a website dedicated to VPNs and web privacy, about Deceptive Bytes, deception technology and data security. Click here read the interview

Deceptive Bytes is participating in CyLon accelerator

Posted on 2017-03-262018-04-30 by Avi Lamay

It’s been a while since we posted but we’ve been very busy presenting at CyberTech’s pavilion, meeting Gartner’s Avivah Litan, interviewing with accelerators and much more. We’re happy to officially announce that Deceptive Bytes was selected and is currently participating in CyLon accelerator’s fifth cohort. Different online media sources like Private Equity Wire, Tech City Read more about Deceptive Bytes is participating in CyLon accelerator[…]

Mozilla Firefox vulnerable to injection via Gecko configuration file

Posted on 2016-11-092018-04-30 by Avi Lamay

Background Code injection is the exploiting of a bug or a system’s design in order to change the behavior of a process, a website or a system. Malware authors usually exploits such bugs in order to infect computers and devices, install malicious viruses and perform different tasks like stealing user’s passwords and banking information, spying Read more about Mozilla Firefox vulnerable to injection via Gecko configuration file[…]