* Posts by SecuLution

1 publicly visible post • joined 8 Dec 2016

Crims using anti-virus exclusion lists to send malware to where it can do most damage


Re: Massive AV fail

You mean like that?: http://tinyurl.com/Hahs-Whitelist

AV in general is outdated. Even the NSA points out, the only real protection is a whitelist of applications. Preferable one based on Hash Values. As they're fingerprint-like there is no way to imitate a Hash Value.

Even though a Hash Collision is possible (as a proof of concept), but that doesn't make a hash based Application Whitelist vulnerable.

Also see: https://en.wikipedia.org/wiki/Collision_attack



The Preimage Attack is what you want to go for when attacking a Hash Based Whitelist. If you have enough time, i.e. a few million years!



Your friendly neighborhood Whitelister