funsec mailing list archives
Re: The Rise of Anti-Forensics
From: Gadi Evron <ge () linuxbox org>
Date: Fri, 13 Jul 2007 20:54:54 -0500 (CDT)
On Fri, 13 Jul 2007, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
> Date sent: Fri, 13 Jul 2007 02:54:55 +0000 (GMT)
> From: Paul Ferguson <fergdawg () netzero net>
>
> > The hackers' focus has shifted too, from developing destructive payloads to circumventing detection. Now, for every tool forensic investigators have come to rely on to discover and prosecute electronic crimes, criminals have a corresponding tool to baffle the investigation. This is antiforensics. It is more than technology. It is an approach to criminal hacking that can be summed up like this: Make it hard for them to find you and impossible for them to prove they found you.
>
> Sorry, can't get excited about it. I've seen it: it's been around forever. (It was a bit of a theme of my presentation to ISOI 2.)
>
> The first "stealth" virus was Brain, in 1986. The first polymorphic virus was 1987. In 1991 the code used to turn off CPAV (and MSAV) was so prevalent that "the 14 bytes of code" was used as a kind of generic virus signature.
>
> We dealt with it then, and we'll deal with it now. In fact, we eventually found that the extra code put into viruses for various forms of antidetection made for larger programs and more opportunities for glitches (as if there weren't enough in viruses anyway).
>
> So let the blackhats knock themselves out with antiforensics. Makes the target bigger for us.
Words of wisdom. My first sentiment was: "so?" I mean, anyone remember back when the best effort would be deleting logs? :)
> ======================  (quote inserted randomly by Pegasus Mailer)
> rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
> The drop of rain maketh a hole in the stone, not by violence, but by oft falling. - Hugh Latimer
> Agua mole com pedra dura tanto da ate que fura.
> Dictionary of Information Security www.syngress.com/catalog/?pid=4150
> http://victoria.tc.ca/techrev/rms.htm
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- The Rise of Anti-Forensics Paul Ferguson (Jul 12)
- Re: The Rise of Anti-Forensics Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 13)
- Re: The Rise of Anti-Forensics coderman (Jul 13)
- Re: The Rise of Anti-Forensics Gadi Evron (Jul 13)
- Re: The Rise of Anti-Forensics coderman (Jul 13)
- Re: The Rise of Anti-Forensics Valdis . Kletnieks (Jul 13)
- Re: The Rise of Anti-Forensics Dude VanWinkle (Jul 13)
- Re: The Rise of Anti-Forensics Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 13)