Most client software’s threat models (e.g. Edge, Chrome) explicitly exclude threats where the local computer was compromised by malware. That’s because, without a trusted computing base, it’s basically impossible to be secure against attackers. This concept was immortalized decades ago in the Ten Immutable Laws of Security: In the intervening years, new technologies (like SecureContinue reading “Defensive Technology: Controlled Folder Access”
Category Archives: security
Defensive Technology: Antimalware Scan Interface (AMSI)
Endpoint security software faces a tough challenge — it needs to be able to rapidly distinguish between desired and unwanted behavior with few false positives and false negatives, and attackers work hard to obfuscate (or cloak) their malicious code to prevent detection by security scanners. To maximize protection, security software wants visibility into attack chainsContinue reading “Defensive Technology: Antimalware Scan Interface (AMSI)”
Attack Techniques: Encrypted Archives
Tricking a user into downloading and opening malware is a common attack technique, and defenders have introduced security scanners to many layers of the ecosystem in an attempt to combat the technique: With all this scanning in place, attackers have great incentives to try to prevent their malicious code from detection up until the momentContinue reading “Attack Techniques: Encrypted Archives”
Attack Techniques: Invoice Scams
Today in “Attack techniques so stupid, they can’t possibly succeed… except they do!” — we look at Invoice Scams. PayPal and other sites allow anyone (an attacker) to send anyone (their victims) an invoice containing the text of the attacker’s choosing. In this attack technique, PayPal sends you an email suggesting that the attacker alreadyContinue reading “Attack Techniques: Invoice Scams”
Attack Techniques: Trojaned Clipboard
Today in “Attack techniques so stupid, they can’t possibly succeed… except they do!” — the trojan clipboard technique. In this technique, the attacking website convinces the victim to paste something the site has silently copied to the user’s clipboard into a powerful and trusted context. A walkthrough of this attack can be found in theContinue reading “Attack Techniques: Trojaned Clipboard”
text/plain 