4 Blending In

In the last chapter, we saw a reaction correspondence that naturally developed when attackers realized they could circumvent dead disk forensic analysis, the established forensic method at the time. We also saw what happened when the defense reacted to this strategy, using technologies like memory scanning, EDR solutions, and network analysis. Where once attackers avoided non-repudiation by operating in memory, now defenders have logs of parent-child relationships, remote thread creations, or anomalous process memory, for example. This means attackers are not necessarily invisible when operating in memory; on the contrary, they may set off alerts if the defense is well instrumented. To counter this new reaction correspondence or ...

Get Adversarial Tradecraft in Cybersecurity now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Adversarial Tradecraft in Cybersecurity by Dan Borges

4

Blending In

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly