Code injection

The “Early Bird Special” – a new twist on the “Early Bird” injection technique

Estimated reading time: 3 minutes There are many injection techniques used by malware authors, from simply calling CreateRemoteThread to advance ones like AtomBombing, PROPagate & others. How basic DLL injections work? Usually when a malware initiates a DLL injection, it does the following Open or create a process for injection (via CreateProcess/OpenProcess API calls) Allocate memory in said process (via Read more about The “Early Bird Special” – a new twist on the “Early Bird” injection technique[…]

Why ML/AI is not cyber and endpoint security savior

Estimated reading time: 3 minutes Artificial Intelligence (AI) and Machine Learning (ML) are considered the next evolution in computer science as they allow computers to perform complex decisions and tasks that were up until now reserved to humans. Their potential is so powerful that films such as The Terminator depict how they become smarter than their creators, turn against humanity Read more about Why ML/AI is not cyber and endpoint security savior[…]

Tricks used by malware authors to protect their malicious code from detection

Estimated reading time: 4 minutes In our last two posts we’ve shown how vendors like Symantec and Microsoft (among others) miss detecting threats due to the nature of how their engines operate. So how do malware authors know if an environment is safe for them to attack or not? There are plenty of indicators about a system that they check Read more about Tricks used by malware authors to protect their malicious code from detection[…]