How to Build tuned Profiles for Dynamic Linux Kernel Mitigations

The dynamic mitigation functionality was created by AMD engineer David Kaplan; linked here is an article discussing it.

The recent introduction of "Dynamic Mitigations" for the Linux kernel provides a powerful new capability: the ability to enable or disable CPU security mitigations at runtime without a reboot. This is managed by writing to a special file at /sys/devices/system/cpu/mitigations. While you can do this manually with a simple echo command, a more robust and manageable approach is to use the tuned daemon. tuned is a system service designed to switch between performance profiles, making it the perfect tool for this job. This guide will show you how to create custom tuned profiles to easily manage your system's security and performance posture.

Start Somewhere: Create a Custom tuned Profile

Creating a custom profile is straightforward. First, you need to create a new directory for...

The Stealthy Assassin: An In-Memory Rootkit Philosophy

GITHUB REPO WITH ALL RELEVANT FILES

A Historical Perspective on Fear and Stealth

For those not well-versed in history, one of the most daring letters of all time was sent to Stalin from Josip Broz Tito, the leader of the former Yugoslavia. It read: "Stop sending people to kill me. We've already captured five of them, one of them with a bomb and another with a rifle. If you don't stop sending killers, I'll send one to Moscow, and I won't have to send a second." Knowing Stalin's reputation, few would dare make such a threat. Tito lived to the age of 87, and reports of assassination attempts ended after that letter. He was one of the few who scared Stalin enough to back off. When I considered the stealthy assassin this rootkit could be, only one name came to mind: Tito.

The Shift to In-Memory Methodology

For a while now, malware has been moving toward an in-memory-only methodology. It is obviously easie...