Diving into YarGen

Last time, we talked about how to detect malware using YARA, and how to find YARA rules to use online. But if you can't find YARA rules published online that suit your needs, you'll need to write your own rules instead!

Malware Detection Using Yara

Have you ever wondered how malware is detected? How do malware scanners work? How does Gmail know that the suspicious attachment you got was "dangerous"? After all, malware comes in all shapes and sizes, and there is no one characteristic that tells you whether a file can cause harm or not.


Linux Privilege Escalation Using Capabilities

In Linux environments a superuser can do practically anything and is not bound by normal security checks. In other words, the superuser has a number of privileges which allow him to change the system as he pleases. Linux divides these privileges into distinct units, known as capabilities. These capabilities can be added to an executable, which will give any user running that executable the specific superuser privilege defined by the capability.

Windows Authentication with NTLM

Windows authentication is based on many security best practices, although it has several weaknesses, especially when it comes to legacy authentication in the form of New Technology LAN Manager (NTLM), which first debuted with Windows NT in the mid-1990s.