The ransomware threat is a widespread and growing menace that has wreaked havoc on many companies and institutions around the world. By exploiting vulnerable and insecure software and using social engineering, cybercriminals have found a wide opportunity for considerable profit in the thriving age of digital businesses and cryptocurrency payments. In this light, malware behavior analysis plays a crucial role in the development of proper prevention and detection technology and is the cornerstone of an effective incident response practice. This survey therefore attempts to give an overview of the aspects of ransomware behavior that, depending on the prominence of its end goals, can facilitate or hinder its analysis.
There are many scenarios where, during a law-enforcement or incident response situation, it is of interest to obtain live session data stored in volatile memory (RAM) on Windows 10 machines, which may be locked by a login screen prompt. This work attempts to survey the bibliography for methods and tools that could, in theory or in practice, bypass said security mechanism and possibly aid digital forensic investigators and law enforcement in getting the full picture of a case.
A reverse proxy is a functionality provided by companies such as Cloudflare, and it is designed to protect virtual assets on the internet by acting as a middleman between end users and an origin server. While working on a law enforcement case, we performed OSINT research, then designed and deployed a tool that allowed us to reach the original IP address of a website associated with criminal activity, thus achieving a partial bypass of Cloudflare's reverse proxy protection.
As vulnerability and threat analysis play a vital role in software security in an ever-increasing digital world of virtualized computer and information systems, it is paramount that key security concepts are understood and that crucial security practices are applied in order to safeguard these types of assets. To that end, this work attempts to provide insight into vulnerabilities and threats related to the hypervisor model of virtualization while also fostering a discussion about the security demands and challenges that this technology brings.