A Lamb Amongst the Sheep

Intro

We were recently invited, and gladly accepted, to participate in the first round of NSS Labs Endpoint Detection and Response (EDR) testing. We are very proud to have …

Investigating Privilege Elevation on Linux

Manually calling patients to remind them of their appointments is a significant time-drain for your staff. The last thing a medical office needs is for one of its essential medical …

Insider Threats

The increasing connectivity and openness of today’s information systems often lets cyber-attackers find ways into a system across many different paths. Data from the …

Detection of Privilege Elevation by Malware on Linux

One of the hallmarks of targeted cyber attacks is to seek, from an execution toehold on a host, to increase its computational privileges in order to assert greater control of the …

How To Test Malware Detection Capabilities

From a software quality perspective comes the idea of verifying our system's detection capabilities. More specifically, we aim to verify that the overall system is able to detect …

Defending From Endpoint Agent Disablement Cyber Attacks

When actively monitoring endpoints to detect signs of cyber attacks, preserving visibility through the endpoint sensor is crucial. A likely attack scheme for malware stops the …

Process Hollowing Analysis For Malware Detection

Following a webinar hosted by my colleague Justin Seitz two weeks ago, we discuss here the detection of process hollowing, and how this capability may help in detecting ongoing …

Some Freedom In Your Virtualization Solution, Using QEMU

Virtual machines are a very common practice nowadays, for reasons ranging from emulation to sandboxing. But when it comes to virtualization platforms, which solutions are there? …
