Code injection

The “Early Bird Special” – a new twist on the “Early Bird” injection technique

There are many injection techniques used by malware authors, from simply calling CreateRemoteThread to advanced ones like AtomBombing, PROPagate and others. How do basic DLL injections work? Usually, when malware performs a DLL injection, it does the following: open or create a process to inject into (via the CreateProcess/OpenProcess API calls); allocate memory in that process (via […]

Tricks used by malware authors to protect their malicious code from detection

In our last two posts we showed how vendors like Symantec and Microsoft (among others) miss threats because of how their detection engines operate. So how do malware authors know whether an environment is safe for them to attack? There are plenty of indicators about a system that they check […]