Dears,
how I am protected by WSA against any powershell script ( for example ) which launch a "legitimate action": bit-shifting for data hiding on NTFS partition ? For example, if I have a file that I ( or attacker 🙂 ) want to hide , I can run a bit shifting program/script that changes the direction of the bits inside that. As a result the file contents become scrambled and unreadable. What will WSA do?
Lot of thanks for your reply, BR.,Turner
Solved
Bit-shifting data hiding
Best answer by DanP
WSA analyzes files during execution as well as scanning files on disc. If an attacker were to hide a malicious executable by encoding it, the file would still need to be decoded in order to be executed, and the file would be detected on execution.@ wrote:
Dears,
how I am protected by WSA against any powershell script ( for example ) which launch a "legitimate action": bit-shifting for data hiding on NTFS partition ? For example, if I have a file that I ( or attacker 🙂 ) want to hide , I can run a bit shifting program/script that changes the direction of the bits inside that. As a result the file contents become scrambled and unreadable. What will WSA do?
Lot of thanks for your reply, BR.,Turner
-Dan
Hi Turner
Welcome to the Community Forums.
I would say that this is a question best left to one of the Webroot professionals, so I will ping a great one for you in the hope that@ can clarify the situation for you.
I will be interested to hear what he can advise on this interesting question. :D
Regards, Baldrick
Welcome to the Community Forums.
I would say that this is a question best left to one of the Webroot professionals, so I will ping a great one for you in the hope that
I will be interested to hear what he can advise on this interesting question. :D
Regards, Baldrick
Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
+35- OpenText Employee
- 515 replies
- Answer
WSA analyzes files during execution as well as scanning files on disc. If an attacker were to hide a malicious executable by encoding it, the file would still need to be decoded in order to be executed, and the file would be detected on execution.@ wrote:
Dears,
how I am protected by WSA against any powershell script ( for example ) which launch a "legitimate action": bit-shifting for data hiding on NTFS partition ? For example, if I have a file that I ( or attacker 🙂 ) want to hide , I can run a bit shifting program/script that changes the direction of the bits inside that. As a result the file contents become scrambled and unreadable. What will WSA do?
Lot of thanks for your reply, BR.,Turner
-Dan
Webroot Threat Research
Hi Dan
Thanks, as always, for the pickup/response.
Regards, Baldrick
Thanks, as always, for the pickup/response.
Regards, Baldrick
Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.