home.social

#antimalware — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #antimalware, aggregated by home.social.

  1. @MishaVelthuis : firstly, I am definitely not an AI expert.

    W.r.t. source code analysis: in fact one does not need "source code" (e.g. higher level languages) to be able to spot bugs. More or less like you wrote, in the end every computer program contains sequences of instructions for the targeted CPU (including calls to, possibly documented, operating system and other libraries).

    Reverse engineers love decompilers because assembler code is a lot harder to interpret *by humans* than higher level source code (it can be done, I did it approx. 30 - 40 years ago for various CPU architectures, but it is very time consuming and error-prone).

    Malware typically consists of (highly) obfuscated code to fool decompilers and emulators. I've not studied it but probably the anti-malware industry is already using AI to help them analyse malware (and, feeding the rat race, quite likely malware makers are using AI to obfuscate their code).

    Internet search terms such as "malware analysis llm" may possibly help you to find related articles.

    Regardless, IMO not possessing the original source code should not pose a major hurdle for finding bugs in executable code.

    #AI #ReverseEngineering #Malware #DeCompilers #IDA #DisAssemblers #Infosec #AntiMalware

  5. In 2025, the top 5 known exploited vulnerability (#KEV) vendors as of cyble.com/blog/cisa-kev-2025-e were:

    Microsoft (39)
    #Apple (9)
    #Cisco (8)
    #Fortinet (8)
    #Google #Chromium (7)

    If you'd like to minimize your #security risk here, avoiding those vendors could improve your overall exposure.

    As you can see, this is particularly true for #Microsoft.

    Mitigation using #AntiMalware or #EndPointProtection is not the answer, as we've learned in the previous year, where the "Most Frequently Exploited #Vulnerabilities" were security products!
    Source: services.google.com/fh/files/m

    If you have high requirements for #ITsecurity, you need to migrate your systems to #Linux which is also part of KEV but on a *much* better level!

    #Windows #macOS #iOS #exploits

  10. CW: Kaspersky

    While I don't trust Kaspersky due to Russia, them doing antimalware for Linux is a good sign that maybe other software will start popping up again so there are more options than ClamAV and Bitdefender GravityZone for "servers" (they consider all Linux installs servers last I checked).

    #Kaspersky #Linux #antimalware

  14. EDR-Redir V2 can redirect entire folders like "Program Files" to point back to themselves, except for the folders of #antimalware EDR. This means that other software continues to function normally, while only the EDR is redirected or blocked. It can work with many EDRs: Elastic, Sophos, ESET, CrowdStrike,...
    #itsecurity #redteam

  16. EDR-Redir can successfully run with ESET. I will soon upgrade it to V2 with the ability to "redir" more types of EDRs. 💪

    GitHub: TwoSevenOneT/EDR-Redir
    #antimalware #CyberSecurity #malware

  18. The battle for attention: how Russian and foreign infosec media divide the audience in the era of cyber threats

    Specialized media in the field of information security have found themselves at the center of serious industry changes. Cyber threats are becoming more complex, including through artificial intelligence, and the topic is becoming ever more relevant. However, the media market itself is developing unevenly. Patterns of information consumption are changing, the audience is consolidating, and competition between publications is intensifying. Against this background, specialized infosec resources have turned from narrowly focused platforms into important sources of information for a broad audience, from security directors to ordinary users. To understand how attention is distributed in this market, we compared the key metrics of Russian and Western publications. The analysis is based on SimilarWeb data (September 2025), the "Медиалогия" (Medialogia) citation rating, and the ИКС index from "Яндекс" (Yandex).

    habr.com/ru/articles/957454/

    #сми #сми_в_интернете #securitylab #xakepru #antimalware #информационная_безопасность #рейтинг_сми

  22. At my workplace, #Microsoft #Defender 365 aka the #antimalware from hell, has decided that duckdb.org is a malicious link.
    Every time someone tries to post it on Teams, it is blocked.
    I suggested that maybe we can trigger an integer overflow in the system after many alerts...

  24. Monthly reminder that #Windows11 fucking sucks ass.

    Trying to troubleshoot why some software didn't start, and Windows Defender false-positived a DLL that now can't be restored.

    Great start for a Monday.

    #Windows #Microsoft #Troubleshooting #WindowsDefender #Malware #AntiMalware #AntiVirus #AV
