The little virus that took down an empire

Every day, all around the world, malware attacks organizations and businesses of all sizes, disrupting their day-to-day activities and causing business losses that can be significant. When you think about it, all it takes is one little piece of malware to take down even the biggest of organizations. This reminds me of the epiphany moment David Read more about The little virus that took down an empire[…]

Deceptive Bytes integrated Windows Defender & Firewall to its platform

Deceptive Bytes' latest version, and first release of 2020, brings an additional boost to organizations' cyber security stack: we have added the capability to control Windows Defender and Windows Firewall through our platform. "Deceptive Bytes enables enterprises, SMBs and MSSPs to bolster their security with a lightweight solution that reduces operational burden & Read more about Deceptive Bytes integrated Windows Defender & Firewall to its platform[…]


The “Early Bird Special” – a new twist on the “Early Bird” injection technique

There are many injection techniques used by malware authors, from simply calling CreateRemoteThread to advanced ones like AtomBombing, PROPagate and others. How do basic DLL injections work? Usually, when malware initiates a DLL injection, it does the following: open or create a process for injection (via the CreateProcess/OpenProcess API calls); allocate memory in said process (via Read more about The "Early Bird Special" – a new twist on the "Early Bird" injection technique[…]


Deception in real-world situations

A few days ago it was reported that the Israel Defense Forces had used deception against Hezbollah, making the latter believe its strike against the IDF was successful and had injured several soldiers. It's not the first time deception has been used to trick enemies or in other dangerous situations; here are some examples… #1 – Read more about Deception in real-world situations[…]

Chernobyl disaster main lessons for CyberOps in 2019

So, what can be learned from the Chernobyl disaster, and how can it be applied to cyber security operations? Lately, everyone is talking about the new HBO miniseries, Chernobyl, portraying one of the biggest man-made disasters, which happened 33 years ago near the small city of Pripyat. Chernobyl was an RBMK-type nuclear power plant Read more about Chernobyl disaster main lessons for CyberOps in 2019[…]

Endpoint protection & misconceptions

#1 – Agentless is not really agentless. While it's true that with agentless products you don't install the vendor's components on the endpoint itself, the vendor's server still uses existing OS functionality and a built-in "agent" to perform the security tasks that are usually implemented in a dedicated agent. This means that the endpoint's resources are Read more about Endpoint protection & misconceptions[…]

AVs: The Windows update that broke them all!

OK, maybe not all of them, but here's the story… Last month Microsoft released its usual OS updates to Windows on what is known as Patch Tuesday. Not long after, reports started to appear of machines freezing and being unable to load after a reboot. It turned out to be an issue with several Read more about AVs: The Windows update that broke them all![…]

Why ML/AI is not cyber and endpoint security savior

Artificial Intelligence (AI) and Machine Learning (ML) are considered the next evolution in computer science, as they allow computers to perform complex decisions and tasks that were until now reserved for humans. Their potential is so powerful that films such as The Terminator depict how they become smarter than their creators and turn against humanity Read more about Why ML/AI is not cyber and endpoint security savior[…]

Deceptive Bytes found detection issues in Microsoft’s Windows Defender

Symantec's Endpoint Protection is not the only anti-malware engine that has detection issues, as we stated before. We have found issues with Microsoft's Windows Defender engine, which has been integrated into Windows since Vista. Test case: Microsoft Windows Defender. Let's look at Windows Defender and cases where it missed detecting potential threats. Malicious macros: In Read more about Deceptive Bytes found detection issues in Microsoft's Windows Defender[…]