Questions tagged [detection]
Detection is the act of discovering and/or determining the existence, presence, or fact of something.
254 questions
1 vote, 1 answer, 98 views
Standard format for malware behavioral rules
Is there a standard format for behavioral rules for detecting malware?
Yara is a standard format for static signatures, e.g., matching based on strings and byte sequences. I'm wondering if there is a ...
1 vote, 0 answers, 184 views
Base64 encoded payload detection rule on CrowdStrike
I am new to threat detection. I was figuring out a way for CrowdStrike Falcon to block the execution of malicious base64 encoded payloads on a Linux machine.
Wanted to know if a setting prevention ...
2 votes, 1 answer, 385 views
Difference between PS Remoting and Winrs from a detection standpoint
From a detection standpoint, when pivoting inside a network, what difference (if any) is there between establishing a remote connection using Enter-PSSession -ComputerName PC1 vs winrs -r:PC1 ...
7 votes, 2 answers, 4k views
How should I report a Man-in-the-Middle attack in my workplace?
I work at a small-to-medium business. Most of my coworkers were born in the 1960s and do not have a background in computer science. I have a background in computer science, but I specialize in ...
0 votes, 1 answer, 175 views
SACL for shadow copies
I'm researching the topic of detecting registry dump from disk shadow copies and realize that I don't see any specific events in the Windows and Sysmon logs.
I tried a simple copy with the command:
...
1 vote, 1 answer, 529 views
Does bypassing root detection qualify as a vulnerability?
I am working on security testing of an Android application. There is root detection in the Android application. It is possible to bypass this with tools like objection, frida, etc.
My main question is: ...
1 vote, 1 answer, 306 views
Understanding XDR Detection Methods
I'm interested in security and red teaming in particular, and as I'm learning about the subject I'm trying to find out what kind of things a blue team EDR/XDR solution will look for as part of its ...
0 votes, 1 answer, 481 views
How does Windows Defender for Mac block applications and how can people evade the block?
I am using MS Defender for Mac to specify a list of unwanted applications on the managed devices in my company. I am concerned that some users try to evade the detection by altering the binaries of ...
0 votes, 1 answer, 162 views
Any (open source) tool that we can use to detect if our computers have had applications installed that have proxy services
Read something like this on reddit "someone can also be a regular user who does not read terms and conditions of apps that they install. Some apps might include code that will enable them to run ...
1 vote, 0 answers, 127 views
Effectiveness of USB flash testing software
So I've just had an SD card ruined & while it's not very expensive, I'd rather have it last me a much, much longer time. As a precaution going forward now, I'd like to be able to detect right away ...
1 vote, 0 answers, 143 views
Kusto to Osquery translator?
Osquery is a great open standard for collecting data from endpoints, using SQL syntax.
Kusto is a new Microsoft language for collecting data from Windows endpoints, using syntax which is almost--but ...
4 votes, 2 answers, 1k views
Has malware detected mitmproxy and similar tools used to intercept and analyze malicious traffic?
When trying to analyze malware, have there been cases where malware detected the use of mitmproxy and ceased operation?
If that has happened, would it be a good idea to be constantly using a proxy as ...
0 votes, 0 answers, 171 views
Windows 10 Cybersecurity on Stand-Alone Computer
I have been asked to investigate what capabilities exist within Windows 10 where the environment for this system is isolated. I believe it would not be able to benefit from an enterprise security ...
0 votes, 1 answer, 211 views
Has there ever been a case of dangerous industrial malware, which would destroy motherboards and similar PC components and how to protect [duplicate]
I heard many years ago from word of mouth that this kind of malware exists, which could for example blow up capacitors in your PC.
Has such malware or something even remotely similar ever existed?
...
3 votes, 3 answers, 1k views
How can I have my process detect if antivirus injected a module or DLL to it?
I am writing an installer process (.exe). My installer deploys different components. It will add registry entries, copy files, copy files over the network, remote execute, remote PowerShell, local ...