Blog

Featured Article

Process Hollowing Analysis For Malware Detection

Following a webinar hosted by my colleague Justin Seitz two weeks ago, we discuss here the detection of process hollowing, and how this capability may help in detecting ongoing cyber attacks.

Most Recent Article

Insider Threats

The increasing connectivity and openness of today’s information systems often give cyber-attackers many different paths into a system. Data from the 2016/2017 Global Fraud and Risk Report by Kroll shows that more than 85% of executives experienced a cyber incident over the past year. It’s important to say that an “incident” is not necessarily synonymous with a breach. The report summed up the type of incidents this way:

Detection of Privilege Elevation by Malware on Linux

Detecting Malware Through Process Chain Analysis

How To Test Malware Detection Capabilities

Executive Space

Detection of Privilege Elevation by Malware on Linux

One of the hallmarks of targeted cyber attacks is the effort, from an initial execution toehold on a host, to gain higher privileges in order to assert greater control of the system. Once attackers have attained this position, they may become tremendously difficult to detect, especially if they act and persist through a kernel rootkit. Fortunately, the privilege elevation process tends to be noisy and can be detected before it succeeds, if one looks for the proper clues. This article presents detection heuristics for privilege elevation on Linux systems.
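As an added illustration of the kind of clue the teaser alludes to (this is example code written for this page, not the heuristics from the article itself), the following Python script looks for one noisy symptom of a successful elevation on Linux: a process running with effective uid 0 whose parent is unprivileged and whose executable is not setuid-root. Root that arrived neither by inheritance from a root parent nor through a setuid binary such as sudo has no benign explanation in a snapshot. The /proc reading code uses only standard `os`/`stat` calls; the sample snapshot embedded below is constructed for the example and does not come from a real host.

```python
import os
import stat
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Proc:
    pid: int
    name: str
    ppid: int
    uids: Tuple[int, int, int, int]  # real, effective, saved, filesystem uid
    exe: str
    exe_setuid_root: bool            # exe has S_ISUID set and is owned by uid 0


def parse_status(pid: int, status_text: str, exe: str, exe_setuid_root: bool) -> Proc:
    """Extract Name, PPid and Uid from the text of /proc/<pid>/status."""
    fields = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    uids = tuple(int(x) for x in fields["Uid"].split())
    if len(uids) != 4:
        raise ValueError(f"pid {pid}: malformed Uid line")
    return Proc(pid, fields["Name"], int(fields["PPid"]), uids, exe, exe_setuid_root)


def suspicious_root_processes(procs: Dict[int, Proc]) -> List[int]:
    """Flag pids with euid 0 whose parent is unprivileged and whose executable
    is not setuid-root: root was obtained neither by inheritance nor through a
    setuid binary, which leaves an exploit as the likely explanation."""
    flagged = []
    for p in procs.values():
        if p.uids[1] != 0 or p.exe_setuid_root:
            continue  # unprivileged, or root legitimately granted by a setuid-root exe
        parent = procs.get(p.ppid)
        if parent is None:
            continue  # pid 1, or the parent has exited: a snapshot cannot judge this
        if parent.uids[1] != 0:
            flagged.append(p.pid)
    return sorted(flagged)


def read_live() -> Dict[int, Proc]:
    """Build a snapshot from the real /proc. Run as root: reading another
    user's /proc/<pid>/exe link is otherwise denied and the process is skipped."""
    procs = {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            with open(f"/proc/{pid}/status") as fh:
                text = fh.read()
            exe = os.readlink(f"/proc/{pid}/exe")
            st = os.stat(exe)
            suid_root = bool(st.st_mode & stat.S_ISUID) and st.st_uid == 0
        except OSError:
            continue  # kernel thread, process vanished, or permission denied
        procs[pid] = parse_status(pid, text, exe, suid_root)
    return procs


# Constructed sample snapshot (not captured from a real host): abridged
# /proc/<pid>/status text, the exe path, and whether that exe is setuid-root.
SAMPLE_SNAPSHOT = [
    (1,    "Name:\tsystemd\nPPid:\t0\nUid:\t0\t0\t0\t0\n",          "/usr/lib/systemd/systemd", False),
    (1000, "Name:\tbash\nPPid:\t1\nUid:\t1000\t1000\t1000\t1000\n",  "/usr/bin/bash", False),
    (1200, "Name:\tsudo\nPPid:\t1000\nUid:\t0\t0\t0\t0\n",          "/usr/bin/sudo", True),   # legitimate
    (1201, "Name:\tbash\nPPid:\t1200\nUid:\t0\t0\t0\t0\n",          "/usr/bin/bash", False),  # inherited from sudo
    (1300, "Name:\tpwn\nPPid:\t1000\nUid:\t0\t0\t0\t0\n",           "/tmp/pwn", False),       # full root, unexplained
    (1400, "Name:\tstager\nPPid:\t1000\nUid:\t1000\t0\t0\t0\n",     "/tmp/stager", False),    # euid 0 only, unexplained
]


def load_sample() -> Dict[int, Proc]:
    return {pid: parse_status(pid, txt, exe, suid) for pid, txt, exe, suid in SAMPLE_SNAPSHOT}


if __name__ == "__main__":
    snapshot = read_live() if os.geteuid() == 0 else load_sample()
    for pid in suspicious_root_processes(snapshot):
        p = snapshot[pid]
        parent_euid = snapshot[p.ppid].uids[1]
        print(f"pid {pid} ({p.name}) runs as root from {p.exe}; parent {p.ppid} has euid {parent_euid}")
```

On the sample, pids 1300 and 1400 are flagged while the sudo-spawned shell is not. Two caveats belong with any snapshot-based check of this kind: an exploit that forks and lets its parent exit is reparented to pid 1, which is root, so the transition is no longer visible, and a kernel rootkit can hide the process from /proc altogether. Catching the transition at the moment it happens (audit records for setuid calls, or kernel tracing) is what makes the noise usable before the elevation succeeds.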

Benoit Hamelin
