Avi Lamay, Author At Deceptive Bytes - Prevention By Deception

Case study – preventing Malgent trojan horse

Intro Yesterday (September 12th, 2024) our Active Endpoint Deception platform prevented a new variant of Malgent trojan horse that was built just a few hours prior to the attack on

Deceptive Bytes discovers DLL hijacking vulnerabilities in Microsoft’s SysInternals tools

Background We previously covered DLL Hijacking when we discovered extensive vulnerabilities in .NET, which potentially open any .NET application to such attacks. Additionally, this is not the first time that

Recent attacks on European organizations

Deceptive Bytes’ research team detected in recent days a wave of attacks on European organizations, while the attacks are not that sophisticated, they employ social engineering to make users run

Deceptive Bytes discovers additional .NET DLL hijacking vulnerability

Background DLL hijacking (aka spoofing) is an attack on an application where the attacker uses a DLL the application tries to load that is missing or from an unexpected location

The “Early Bird Special” – a new twist on the “Early Bird” injection technique

There are many injection techniques used by malware authors, from simply calling CreateRemoteThread to advance ones like AtomBombing, PROPagate & others. How basic DLL injections work? Usually when a malware

Deception in real-world situations

A few days ago it was reported that Israel’s Defense Forces has used deception against Hezbollah, making the latter believe its strike against the IDF was successful and caused several

Endpoint protection & misconceptions

#1 – Agentless is not really agentless While it’s true that with agentless products you don’t install the vendor’s components on the endpoint itself, the vendor’s server still utilizes existing

Tricks used by malware authors to protect their malicious code from detection

In our last two posts we’ve shown how vendors like Symantec and Microsoft (among others) miss detecting threats due to the nature of how their engines operate. So how do

Deceptive Bytes found detection issues in Microsoft’s Windows Defender

Symantec’s Endpoint Protection is not the only Anti-malware engine that has issues related to detection, as we stated before. We have found issues with Microsoft’s Windows Defender engine, which is

Deceptive Bytes found detection issues in Symantec Endpoint Protection

In previous posts we explained that traditional Anti-malware software is not working anymore and we gave tips on how to improve your security with non-security tools. But why is your

BLOG

Learn What's New With Us And In Cyber Security

Case study – preventing Malgent trojan horse

Deceptive Bytes discovers DLL hijacking vulnerabilities in Microsoft’s SysInternals tools

Recent attacks on European organizations

Deceptive Bytes discovers additional .NET DLL hijacking vulnerability

The “Early Bird Special” – a new twist on the “Early Bird” injection technique

Deception in real-world situations

Endpoint protection & misconceptions

Tricks used by malware authors to protect their malicious code from detection

Deceptive Bytes found detection issues in Microsoft’s Windows Defender

Deceptive Bytes found detection issues in Symantec Endpoint Protection

CONTACT US

Request a free trial or send us a message

Threats

Use-cases

Solution

Resources

Contact us

Let's get in touch

Request a demo or send us a message