
I think i am a target
I seriously think i am a targwt
358 publicly visible posts • joined 22 Jun 2021
whitelisting – and runtime protections - easily bypassed by sideloading SIGNED DLL binaries with LoL bins, using valid certificates - $500 USD in the market
API traffic anomalies - requires the attacker to "train" your AI/ML to accept anomaly as normal business logic. Takes time, but can be done
Due to its own geopolitical goals, some people would never work for the NSA or any other USA-related organization. Amazingly, some people do not like USA/UK and even DESPISE them.
I know some engineers facing huge professional and personal costs due to this decision. But politiness should prevail.
Try to block:
- Command and control using youtube, whatsapp, telegram, google drive, github. You cannot.
- Try to make employees to not open word documents. They can have zero days, not only macros, and those can be sent inside a hijacked email thread from a "trusted" person. If you block, they cannot work.
Basically, you are only going to stop the less skilled hacker which buys "kits" on the open market. High skilled actors will ALWAYS find a way to penetrate your network. ALWAYS.
Whielist does not work well if the attacker uses legitimate windows binaries to sideload DLLs, or powershell. A popular brand of ATM uses whitelisting, but attacks using DLLs are still possible.
Firewalls are useless with github, youtube, google drive used as C2. CANVAS from ImmunityInc uses these also.
Finally, zero days.
Lucky in other countries, the tactics used by USA prosecutors/FBI/NSA are largely considered illegal, and would undermine due process. Actually huge compensations are more likely.
Imagine a NSA confidential program being exposed to the public.
@mark l 2 - I doubt any sane Russian hacker with some intelligence knowledge would use his skills to support USA/NSA. From what I have seem from foreigners, it is either his own country or Russia. Never USA.
Try to protect those networks with SCADA interconnections.. Like valves, gas pumps, fissile material, eletric grid switches, heavy machinery, etc...
The rest is just childs play. They will encrypt a few documents/databases and your insurance will cough up some millions to the kids.
Business as usual.
Are you serious? We are watching Oil prices skyrocketing in gas pumps at USA
China partnering with Russia, including in banking. If they setup the SWIFT-like alternative, bye bye Petrodollar
USA desperate for oil reaching Iran and Venezuela, lifting sanctions and being dumped by the Saudis
Russian intelligence is currently sitting at a massive throve of Intel from US Military/Justice due to SolarWinds, to be used when it better fits
Patience is not defeat