 Dears,

How am I protected by WSA against any PowerShell script (for example) which launches a "legitimate action": bit-shifting for data hiding on an NTFS partition? For example, if I have a file that I (or an attacker 🙂) want to hide, I can run a bit-shifting program/script that changes the direction of the bits inside it. As a result, the file contents become scrambled and unreadable. What will WSA do?

 

Lots of thanks for your reply. BR, Turner
Hi Turner

 

Welcome to the Community Forums.

 

I would say that this is a question best left to one of the Webroot professionals, so I will ping a great one for you in the hope that @ can clarify the situation for you.

 

I will be interested to hear what he can advise on this interesting question. :D

 

Regards, Baldrick
@ wrote:

 Dears,

How am I protected by WSA against any PowerShell script (for example) which launches a "legitimate action": bit-shifting for data hiding on an NTFS partition? For example, if I have a file that I (or an attacker 🙂) want to hide, I can run a bit-shifting program/script that changes the direction of the bits inside it. As a result, the file contents become scrambled and unreadable. What will WSA do?

 

Lots of thanks for your reply. BR, Turner

WSA analyzes files during execution as well as scanning files on disc. If an attacker were to hide a malicious executable by encoding it, the file would still need to be decoded in order to be executed, and the file would be detected on execution. 

 

-Dan
OK, thanks for your reply!

Turner
Hi Dan

 

Thanks, as always, for the pickup/response.

 

Regards, Baldrick
