I recently downloaded an ELF file which was discovered from an exploit attempt (wget to download this binary failed due to outgoing traffic being blocked if it isn’t whitelisted). I downloaded it into a VM in order to run some basic analysis on it and uploaded it to virustotal.
My question is, absent some sort of terrible vulnerability in how curl downloads files or how analysis tools handle the files, is there any danger to a binary simply being on your system, without it ever being executed?
I set up an external drive for data backup (an SD card inside my laptop card slot). In addition, I connect with a cloud drive for offsite backup (an app that I run only when syncing files).
I always sign in and use my laptop as a ‘standard’ user. My external drive is set for UAC ‘read’ privilege only.
I then set my data sync app to run as admin only – meaning I need to type in the admin password before data can be synced to my external drive and to the cloud.
Of course I will remain vigilant about keeping OS and apps updated and avoid clicking email links or downloading unsolicited payloads, etc. — but in case I miss something and ransomware comes through, will my Win 10 system stop that ransomware from encrypting my external drive?
I was scrolling through the Internet and I read that Golang was used to create malware. Is it good, will it stay undetected, what will its performance be?
I’m in the process of writing a thesis. A small part of it is to prove that certain malware have certain dependencies which must first be satisfied before they are successful in infecting the host. For instance, a virus must first get on the host and then start executing before infection.
- Dependency 1: getting on the host
- Dependency 2: executing
We know these dependencies to be true from experience and common sense; however, how would we go about formally proving these in computer science? I am not asking for all the proofs (I realize that that’s my job!), but just how to approach them, since right now I see no way to formally prove it.
So this fixer that I asked to fix my busted front audio ports injected my PC with KMS-R@in in order to get rid of the Activate Windows watermark without my consent/knowledge, and it gave me Floxif.E and Floxif.H, and updated the drivers to fix the back ports, which wasn’t even what I asked him for. Is there any legal action I can take to make him take responsibility?
By the way, his store’s affiliated with/backed by ASUS.
Some malware authors add benign code/behavior to their malware just to throw off antiviruses and IDSs which employ machine learning to detect malware. There is a name for this technique (and even a Wikipedia page somewhere) but I can’t seem to figure out what it is or find it on Google.
Can you have an anti-virus and anti-malware layer sitting deep in the microservice layer and have the malicious file flow through all the services? The argument being that the file is in memory and not getting processed until the service we will put the anti-virus and anti-malware layer on.
Shouldn’t this be stopped at the routing layer of the application?
My concerns here are about devices like the Rubber Ducky, Bash Bunny, malware-infected USBs and other software-related risks. This does NOT cover hardware risks like the USB Killer.
I currently don’t have a separate computer I can plug things into and let them run wild. I only have an Ubuntu machine that can run VMs like on VirtualBox. I may come across a stray USB and get curious and I’d like to check what’s in that USB. Let’s assume plugging it in won’t physically damage my PC like the USB Killer would.
How can I safely plug in the peripheral (most likely a USB but it can be anything like an audio jack or Ethernet port) to test it? How can I extract the contents of the device without damaging my machine? (I’d prefer to do all this without having to take the device apart)
I am going to start a business but don’t want any of my business tools and work being able to get through to my home network. https://www.amazon.com/GL-iNet-GL-AR750-300Mbps-pre-Installed-Included/dp/B07712LKJM?ref_=fsclp_pl_dp_1 Is that a good enough OpenWRT device to ensure that no malware can get to my main network?
For this project I want to access software using a VM that may contain malware, but I won’t be trying to test malware. I understand that malware can breach, but are there any precautions to use the internet and not have the malware come back into my host machine and host network?