Code injection

The “Early Bird Special” – a new twist on the “Early Bird” injection technique

There are many injection techniques used by malware authors, from simply calling CreateRemoteThread to advanced ones like AtomBombing, PROPagate and others. How do basic DLL injections work? Usually, when a malware initiates a DLL injection, it does the following: open or create a process for injection (via the CreateProcess/OpenProcess API calls); allocate memory in said process (via […]

Deception in real-world situations

A few days ago it was reported that the Israel Defense Forces (IDF) used deception against Hezbollah, making the latter believe its strike against the IDF was successful and had injured several soldiers. It is not the first time deception has been used to trick enemies, and in other dangerous situations; here are some examples… #1 – […]

Chernobyl disaster main lessons for CyberOps in 2019

So, what can be learned from the Chernobyl disaster, and how can it be applied to cyber security operations? Lately, everyone is talking about the new HBO miniseries, Chernobyl, portraying one of the biggest man-made disasters, which happened 33 years ago near the small city of Pripyat. Chernobyl was an RBMK-type nuclear power plant […]

Endpoint protection & misconceptions

#1 – Agentless is not really agentless. While it is true that with agentless products you do not install the vendor’s components on the endpoint itself, the vendor’s server still uses existing OS functionality and a built-in “agent” to perform the security tasks that are usually implemented in a dedicated agent. This means that the endpoint’s resources are […]

AVs: The Windows update that broke them all!

OK, maybe not all of them, but here’s the story. Last month Microsoft released its usual OS updates to Windows on what is known as Patch Tuesday. Not long after, reports started to appear of machines freezing and being unable to load after a reboot. It turned out to be an issue with several […]

Why ML/AI is not cyber and endpoint security savior

Artificial Intelligence (AI) and Machine Learning (ML) are considered the next evolution in computer science, as they allow computers to perform complex decisions and tasks that were, until now, reserved for humans. Their potential is so powerful that films such as The Terminator depict how they become smarter than their creators and turn against humanity […]

Deceptive Bytes found detection issues in Microsoft’s Windows Defender

Symantec’s Endpoint Protection is not the only anti-malware engine that has detection issues, as we stated before. We have found issues with Microsoft’s Windows Defender engine, which has been integrated into Windows since Vista. Test case: Microsoft Windows Defender. Let’s look at Windows Defender and cases where it missed detecting potential threats. Malicious macros: In […]

Deceptive Bytes found detection issues in Symantec Endpoint Protection

In previous posts we explained that traditional anti-malware software is no longer working, and we gave tips on how to improve your security with non-security tools. But why is your anti-malware not enough? One of the reasons is that it does not handle changes well (which is common knowledge among security experts). Background: Malware uses […]

CB Insights selected Deceptive Bytes as one of the most promising startups in cyber security

CB Insights published its periodic table of early-stage cyber security startups, stating that the selected companies are considered the leading startups across different emerging sectors. You can find Deceptive Bytes under deception security. “We put together a periodic table of early-stage cybersecurity that spotlights the industry’s most promising young startups, emerging industry categories, and most active investors.”