Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

AV Evasion 6: Best-Performing Tactics

Having overviewed antivirus evasion methods that didn’t turn out too efficient, David Maloney now describes some successful approaches that he came up with. We are not going to use stagers anymore, that is to say, we are not going to use the ones that come as payloads in Metasploit Framework. We are going...

AV Evasion 5: Blending in Instead of Hiding the Bad

Continuing to elaborate on ways to circumvent antivirus detection, David Maloney dissects code generation and Ghost-Writing techniques in this regard. One of my co-workers said to me: “What about doing code generation, what if you never put your payload in the executable at all; instead, you have your...

AV Evasion 4: Encoders and Fuzzy NOPs Fail

What gets scrutinized in this entry is whether or not the use of encoders and generating fuzzy NOPs can help avoid interception by AV. Alright, what about inlining it? Like I said, typically we have been shoving stuff into a variable, then doing some dereferencing tricks in C, and then executing it as...

AV Evasion 3: EXE Templates and Run-Time Dynamic Linking

Delving further into techniques to keep payloads undetected by antiviruses, David Maloney analyzes the efficiency of several popular obfuscation methods. Alright, so how do we get around the problem of the EXE Template? Well, like I said, the default template with no payload is 42 detections. We have the...

AV Evasion 2: Hurdles for Metasploit Payload Execution

David Maloney now breaks the structure of an arbitrary Metasploit payload down into essential constituents and dwells on some common obfuscation problems. So, real quick we are just going to define some terms (see right-hand image), hopefully everyone is familiar with this. In the antivirus world we are...

AV Evasion: Lessons Learned

At DerbyCon event, Metasploit core developer David Maloney aka “Thelightcosine” presents the ins and outs of making payloads undetected by antivirus software. David: Good morning DerbyCon! That’s a lot of people for 10:00 in the morning, so I am just going to throw this out here. I can do this...

Spy-jacking the Booters 7: Fascinating Q&A

This is a captivating questions and answers part reflecting a debate between CloudFlare’s Matthew Prince and Brian Krebs over accusations previously expressed. Question from Matthew Prince: So, Brian, you reached out to me and I actually wrote back to you trying to schedule some time to call, and you never...

Spy-jacking the Booters 6: Types of DDoS Used

Lance James provides further specifics about the investigation of booter services out there, in particular focusing on the 8 types of DDoS being leveraged. Moving on, I started doing database analysis to get a bird's-eye view, diverse activity and stuff. We wanted to look at how many people are on this thing...

Spy-jacking the Booters 5: Tracking the Fraudsters Down

It’s now Lance James’ turn to shed light on the activity of booter services from a technical perspective to get a better understanding of who the adversary is. Lance James: How is everybody so far? I’m Lance James, some of you know me. I work at Deloitte. Don’t ask, it’s cool. I get to do some fun...

Spy-jacking the Booters 4: The CloudFlare and PayPal Dilemma

The key spotlight in this part of the presentation is on the issue of legit services like CloudFlare and PayPal being used by booters to stay online and afloat. Rage Booter, pretty much like every single one of these booters out there, was hidden behind CloudFlare, and as I’m sure most of you know, this...