Dailydave mailing list archives
Re: Tigers are not small.
From: William Arbaugh <warbaugh () gmail com>
Date: Thu, 14 May 2015 10:11:11 -0400
On May 14, 2015 at 9:28:43 AM, Anton Chuvakin (anton () chuvakin org) wrote: On Mon, May 11, 2015 at 12:20 PM, Dave Aitel <dave () immunityinc com> wrote: And I don't know any modern HIDS company willing to offer a solution that they would claim is resilient against an attacker who already has access to the platform and can prepare counter-measures. This is, as the NSA might put it, a "somewhat challenging problem to attack". You know, this question bugged me all the time while I was researching what we now call "the EDR space." How can those agents co-exist with "advanced" attacker on the same endpoint and still deliver useful telemetry? It turned out that SOME of the vendors have in fact thought about it long and hard, and the list of tricks they use to keep reporting from the owned endpoint is long indeed. On the other hand, sad hilarity ensues when some formerly IT ops focused endpoint agents are repurposed for "APT IR".... Exactly - one of the big EDR vendors told me their product was a “rootkit” at RSA 2014.
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Tigers are not small. Dave Aitel (May 08)
- Re: Tigers are not small. Dmitri Alperovitch (May 11)
- Re: Tigers are not small. Dave Aitel (May 11)
- Re: Tigers are not small. Anton Chuvakin (May 14)
- Re: Tigers are not small. William Arbaugh (May 14)
- Re: Tigers are not small. George Bakos (May 27)
- Re: Tigers are not small. Dave Aitel (May 11)
- Re: Tigers are not small. Dmitri Alperovitch (May 11)