Diving into YarGen
Last time, we talked about how to detect malware using YARA, and how to find YARA rules to use online. But if you can't find YARA rules published online that suit your needs, you'll need to write your own rules instead!
Malware Detection Using Yara
Have you ever wondered how malware is detected? How do malware scanners work? How does Gmail know that the suspicious attachment you got was "dangerous"? After all, malware comes in all shapes and sizes, and there is no one characteristic that tells you whether a file can cause harm or not.
Linux Privilege Escalation Using Capabilities
In Linux environments a superuser can do practically anything and is not bound by the normal security checks. In other words, the superuser has a number of privileges which allow them to change the system as they please. Linux divides these privileges into distinct units, known as capabilities. These capabilities can be added to an executable, which will give any user running that executable the specific superuser privilege defined by the capability.