In part 4 of our series “The Kings In Your Castle”, we’re back with the question: what does sophistication even mean? I’ll be outlining what complexity means from a malware analyst’s perspective, why malware intends to be undecipherable, and why it sometimes just wouldn’t even try. This blog entry also serves to present our findings on commodity RATs within the corpus of malware we analyzed, as part of our talk at the Troopers conference in March. If you are interested in previous parts of the series, please check them out here, here and here.

The complexity of software is a rather soft metric that hasn’t undergone much scrutiny in definition. For a malware analyst, this sphere takes on a whole lot of different shades, as malware by nature aims to hide its threats. For analysts, what poses challenges are techniques such as code obfuscation or the use of well-fortified crypters. At least most of it, as one would think? What also presents a remarkable challenge is structured application design, although this might sound somewhat counter-intuitive. Multi-component malware with a well thought-out object-oriented design and highly dependent components causes more of a headache for an analyst than any crypter out there.

In fact, many of the well-known high-profile attack toolsets aren’t protected by a packer at all. The assumption is that, for one, runtime packers potentially catch the unwanted attention of security products, but also that for highly targeted attacks they might not even be necessary at all.