Recently some great research has been published by Johnny Shaw outlining a method to start processes in Microsoft Windows in a manner similar to process hollowing. They have coined this term “Process Herpaderping” and there is a great detailed technical write up here – https://jxy-s.github.io/herpaderping/. Essentially, an attacker who has the capability to execute arbitrary […]
Entries by admin
This week Airlock Digital whitelisting was featured on the Risky Business podcast with Airlock Co-Founder, David Cottingham. They make whitelisting software that’s actually useable. And until I did this interview I didn’t know that their agent actually does host hardening as well, which is pretty cool. Since we last spoke they’ve also popped up in […]
Airlock Digital was featured on the Risky Business Snake Oilers June podcast and we have had a fantastic response. You can listen to the interview between Patrick Gray and Airlock Co-Founder David Cottingham here.
Airlock Digital, headquartered in Adelaide, South Australia, today announced that its application whitelisting solution now includes integrated file reputational lookups to streamline administration and allow non-cyber security specialists to easily assess the threat level of unknown files. The Airlock solution is specifically built around the Australian Signals Directorate’s (ASD) controls for application whitelisting, the number […]
Trust is a fundamental concept in cybersecurity and plays a vital role in the decisions we make, particularly if a risk-based approach is taken to decision making. However, we don’t often think about how the concept of trust influences our decisions. This blog post will explore what role trust plays in file-based security. […]
Today Airlock Digital is releasing a free Microsoft Word document to test ‘Chained Trust’ in EDR and Application Whitelisting solutions. ‘Chained Trust’ is where a product will trust a parent process (such as winword.exe) and automatically place trust in any spawned child processes. Security products that are configured to use ‘Chained Trust’ may provide a reduced level […]
The Petya ransomware outbreak represents an evolution in the sophistication of ransomware. Employing a number of different strategies for distribution and infection, the Petya ransomware has impacted small and large organisations across the globe. This outbreak is another reminder that signature-based detection is not effective in today’s threat landscape. In this video you will […]
Ransomware activity has been rising steadily over the past four years, providing a low-cost and successful income stream for criminal organisations. Over the past weekend, however, the game was changed with ‘WannaCry’. Traditional ransomware typically ran on a single end user system, encrypting files that were accessible on local disks and sometimes mapped network […]
Airlock Co-Founder, David Cottingham, will be presenting at the Australian Cyber Security Centre on Wednesday the 15th of March at 2:30pm in the Bradman Theatrette. Presentation Abstract: There is a wealth of information in the security community today about what constitutes an indication of malicious activity within enterprise environments. Even if you are lucky enough to […]
Version 1.2 of Airlock includes the following new features: – Publisher support for trusting signed executable and DLL files; – Differential policies significantly reducing client network traffic; and – Citrix VDI Environment support. The addition of publisher support makes it even easier for customers to maintain application whitelists using Airlock. David Cottingham, Co-Founder of Airlock, commented […]