Code injection

The “Early Bird Special” – a new twist on the “Early Bird” injection technique

There are many injection techniques used by malware authors, from simply calling CreateRemoteThread to advanced ones like AtomBombing, PROPagate and others. How do basic DLL injections work? Usually, when malware initiates a DLL injection, it does the following: open or create a process for injection (via the CreateProcess/OpenProcess API calls); allocate memory in said process (via […]

Deception in real-world situations

A few days ago it was reported that the Israel Defense Forces used deception against Hezbollah, making the latter believe its strike against the IDF was successful and had injured several soldiers. It’s not the first time deception has been used to trick enemies, and it is used in other dangerous situations as well; here are some examples… #1 – […]

Endpoint protection & misconceptions

#1 – Agentless is not really agentless. While it’s true that with agentless products you don’t install the vendor’s components on the endpoint itself, the vendor’s server still uses existing OS functionality and a built-in “agent” to perform the security tasks that are usually implemented in a dedicated agent. This means that the endpoint’s resources are […]

Tricks used by malware authors to protect their malicious code from detection

In our last two posts we showed how vendors like Symantec and Microsoft (among others) miss threats because of the way their engines operate. So how do malware authors know whether an environment is safe for them to attack? There are plenty of indicators about a system that they check […]

Deceptive Bytes found detection issues in Microsoft’s Windows Defender

Symantec’s Endpoint Protection is not the only anti-malware engine with detection issues, as we stated before. We have found issues with Microsoft’s Windows Defender engine, which has been integrated into Windows since Vista. Test case: Microsoft Windows Defender. Let’s look at Windows Defender and cases where it missed detecting potential threats. Malicious macros: In […]

Deceptive Bytes found detection issues in Symantec Endpoint Protection

In previous posts we explained that traditional anti-malware software no longer works, and we gave tips on how to improve your security with non-security tools. But why is your anti-malware not enough? One reason is that it doesn’t handle change well (which is common knowledge among security experts). Background: Malware uses […]

Deceptive Bytes is participating in CyLon accelerator

It’s been a while since we posted, but we’ve been very busy presenting at CyberTech’s pavilion, meeting Gartner’s Avivah Litan, interviewing with accelerators and much more. We’re happy to officially announce that Deceptive Bytes was selected for, and is currently participating in, CyLon accelerator’s fifth cohort. Different online media sources like Private Equity Wire, Tech City […]

Mozilla Firefox vulnerable to injection via Gecko configuration file

Background: Code injection is the exploitation of a bug, or of a system’s design, in order to change the behavior of a process, a website or a system. Malware authors usually exploit such bugs to infect computers and devices, install viruses and perform tasks like stealing users’ passwords and banking information, spying […]