Magic Bytes and Important File Formats


To identify a file's format, one typically only needs to look at the first few bytes of the file in question. These are what's often called magic bytes: a short block of byte values placed at the start of a file to designate its file type, so that an application can check whether the file it is about to parse or consume is actually in the format it expects.

Magic bytes help in identifying the type of a file. When reviewing an application, it is useful to look for the file format signatures it relies on, infer how the application uses them, and consider how these formats may be abused to provoke undefined behaviour within the application.


For example, a JPEG file starts with

ffd8 ffe0 0010 4a46 4946 0001 0101 0047  ......JFIF.....

(the first line of xxd output; the ASCII column on the right makes the JFIF marker readable), or at the very least with ffd8.


Commands that can help analyze the file formats:
  • file image.jpeg
  • file -i image.jpeg
  • xxd image.jpeg | head

A file signature (aka 'magic bytes') is typically 1-4 bytes in length and located at offset 0 in the file when inspecting raw data. But there are many exceptions to this: certain files, such as a Canon RAW formatted image or GIF files, have signatures larger than 4 bytes, and others, such as an ISO9660 CD/DVD image file, have signatures located at an offset other than 0.

Another notable detail is that these initial byte sequences are generally not chosen at random: most files of a given format have a signature whose ASCII representation is fairly recognizable at a glance and unique to that format.

Important File Formats:

Portable Network Graphics (PNG)

  • A PNG file has the magic bytes at the beginning followed by a series of chunks.
  • The first eight bytes of a PNG file always contain the following (decimal) values: 137 80 78 71 13 10 26 10
  • This signature indicates that the remainder of the file contains a single PNG image, consisting of a series of chunks beginning with an IHDR chunk and ending with an IEND chunk.

Joint Photographic Experts Group (JPEG)

  • JPEG is a commonly used method of lossy compression for digital images, mostly for images produced by digital photography. The degree of compression can be adjusted, allowing a trade-off between storage size and image quality.
  • JPEG/Exif is the most common image format used by digital cameras and other image capture devices. JPEG/JFIF is the most common format for storing and transmitting photographic images on the Internet.
  • These files start with an image marker which always contains the marker code hex values FF D8 FF. The file length is not embedded in the file, so to find the end of the image we need to look for the JPEG trailer, which is FF D9.

MPEG-4 Part 14 (MP4)

  • MPEG-4 Part 14 or MP4 is a digital multimedia container format most commonly used to store video and audio, but it can also hold other data such as subtitles and still images. It allows streaming over the Internet. The only official filename extension for MPEG-4 Part 14 files is .mp4, but many files carry other extensions, most commonly .m4a and .m4p.
  • MP4 files consist of consecutive chunks. Each chunk has an 8-byte header: a 4-byte chunk size (big-endian, high byte first) and a 4-byte chunk type, which is one of the pre-defined signatures: "ftyp", "mdat", "moov", "pnot", "udta", "uuid", "moof", "free", "skip", "jP2 ", "wide", "load", "ctab", "imap", "matt", "kmat", "clip", "crgn", "sync", "chap", "tmcd", "scpt", "ssrc", "PICT".
  • The first chunk must be of type "ftyp" and carries a sub-type (brand) at offset 8. A file is identified as MP4 by this sub-type, which must be one of: "avc1", "iso2", "isom", "mmp4", "mp41", "mp42", "mp71", "msnv", "ndas", "ndsc", "ndsh", "ndsm", "ndsp", "ndss", "ndxc", "ndxh", "ndxm", "ndxp", "ndxs".
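As an added example that is not part of the original post, here is a Python checker for the signatures described above: it identifies PNG, JPEG and GIF at offset 0, MP4 by the "ftyp" chunk at offset 4 and its brand at offset 8, and ISO9660 by "CD001" at offset 0x8001; it then walks PNG chunks from IHDR to IEND verifying each CRC, checks for the JPEG FF D9 trailer, and walks MP4 chunk headers. The sample files are constructed inside the script, and the MP4 brand set is a subset of the brands listed above.

```python
import struct
import zlib

# Signatures found at offset 0. PNG and GIF are longer than 4 bytes, as the text notes.
SIGNATURES_AT_OFFSET_0 = [
    (b"\x89PNG\r\n\x1a\n", "png"),   # decimal 137 80 78 71 13 10 26 10
    (b"\xff\xd8\xff", "jpeg"),       # SOI marker; a complete file ends with FF D9
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
]
# Subset of the ftyp brands listed above; the brand sits at offset 8, after size + "ftyp".
MP4_BRANDS = {b"avc1", b"iso2", b"isom", b"mmp4", b"mp41", b"mp42", b"mp71", b"msnv"}


def identify(data: bytes) -> str:
    """Return a format name from the signature, or 'unknown'."""
    for sig, name in SIGNATURES_AT_OFFSET_0:
        if data.startswith(sig):
            return name
    # MP4: 4-byte big-endian chunk size, then "ftyp", then the brand (sub-type).
    if len(data) >= 12 and data[4:8] == b"ftyp" and data[8:12] in MP4_BRANDS:
        return "mp4"
    # ISO9660: "CD001" at offset 0x8001, in the volume descriptor at sector 16 (2048-byte sectors).
    if len(data) >= 0x8006 and data[0x8001:0x8006] == b"CD001":
        return "iso9660"
    return "unknown"


def jpeg_is_complete(data: bytes) -> bool:
    """JPEG carries no total length, so completeness means SOI at the start and FF D9 at the end."""
    return data.startswith(b"\xff\xd8\xff") and data.endswith(b"\xff\xd9")


def png_chunks(data: bytes) -> list:
    """Walk the chunk series after the signature and return [(type, length, crc_ok)].
    Raises ValueError on a truncated chunk or when the series does not run IHDR ... IEND."""
    if not data.startswith(b"\x89PNG\r\n\x1a\n"):
        raise ValueError("not a PNG signature")
    pos, chunks = 8, []
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        if len(body) != length or pos + 12 + length > len(data):
            raise ValueError("truncated chunk %r (declared length %d)" % (ctype, length))
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        crc_ok = (zlib.crc32(ctype + body) & 0xFFFFFFFF) == crc  # CRC covers type + data, not length
        chunks.append((ctype.decode("ascii"), length, crc_ok))
        pos += 12 + length
        if ctype == b"IEND":
            break
    if not chunks or chunks[0][0] != "IHDR" or chunks[-1][0] != "IEND":
        raise ValueError("PNG chunk series must begin with IHDR and end with IEND")
    return chunks


def mp4_boxes(data: bytes) -> list:
    """Walk top-level MP4 chunks (8-byte header: big-endian size + 4-byte type); return [(type, size)]."""
    pos, boxes = 0, []
    while pos + 8 <= len(data):
        size, btype = struct.unpack(">I4s", data[pos:pos + 8])
        if size == 0:                                 # chunk extends to the end of the file
            size = len(data) - pos
        elif size == 1 and pos + 16 <= len(data):     # 64-bit "largesize" follows the header
            (size,) = struct.unpack(">Q", data[pos + 8:pos + 16])
        if size < 8 or pos + size > len(data):
            raise ValueError("bad chunk size %d for %r" % (size, btype))
        boxes.append((btype.decode("ascii", "replace"), size))
        pos += size
    return boxes


# ---- sample files constructed here for the demo (not real captures) ----
def _png_chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def make_png(width: int = 1, height: int = 1) -> bytes:
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)  # 8-bit RGB, no interlace
    raw = b"".join(b"\x00" + b"\x00\x00\x00" * width for _ in range(height))  # filter byte + pixels
    return (b"\x89PNG\r\n\x1a\n" + _png_chunk(b"IHDR", ihdr)
            + _png_chunk(b"IDAT", zlib.compress(raw)) + _png_chunk(b"IEND", b""))


SAMPLE_PNG = make_png()
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x01\x00\x47" + b"\x00" * 8 + b"\xff\xd9"
SAMPLE_GIF = b"GIF89a\x01\x00\x01\x00" + b"\x00" * 8
SAMPLE_MP4 = (struct.pack(">I", 24) + b"ftypisom" + struct.pack(">I", 0x200) + b"isommp42"
              + struct.pack(">I", 12) + b"mdat" + b"\x00" * 4
              + struct.pack(">I", 8) + b"free")
SAMPLE_ISO = b"\x00" * 0x8000 + b"\x01CD001\x01\x00"  # empty system area, then the volume descriptor

if __name__ == "__main__":
    for name, blob in [("png", SAMPLE_PNG), ("jpeg", SAMPLE_JPEG), ("gif", SAMPLE_GIF),
                       ("mp4", SAMPLE_MP4), ("iso", SAMPLE_ISO)]:
        print(f"{name:5s} first bytes {blob[:12].hex()} -> {identify(blob)}")
    print("png chunks:", png_chunks(SAMPLE_PNG), "mp4 chunks:", mp4_boxes(SAMPLE_MP4))
```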


We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.


Hide/Unhide Drives in Windows

 

If you are a Windows user, you probably know about hiding or locking a folder or file that holds confidential data. We generally use some folder encryption software for this. But if you have many such folders and files, locking each folder individually is not practical. A better option is to move all the files and folders you want to hide, or whose existence you do not want others to know about, to one drive on your PC, and then hide that entire drive so that it is not visible to anyone.

Steps to Hide Drives:

  • Right-click on the My Computer icon.
  • Click on Manage in the pop-up menu.
  • Click on Disk Management on the left side of the window that opens.
  • Select the drive you want to hide.
  • Right-click on it and select Change Drive Letter and Paths...
  • Click on Remove in the pop-up window.
  • Click OK. Your drive is now hidden from My Computer. (Removing the letter only unmounts the volume; the data stays intact and anyone who can open Disk Management can assign a letter again, so this hides the drive rather than protecting its contents.)

Steps to Un-Hide Drives:

  • Right-click on the My Computer icon.
  • Click on Manage in the pop-up menu.
  • Click on Disk Management on the left side of the window that opens.
  • Select the drive you want to unhide.
  • Right-click on it and select Change Drive Letter and Paths...
  • Click on Add in the pop-up window.
  • Assign the drive letter that you want, e.g. F:
  • Click OK. Your drive is now visible in My Computer.



Honeypots: Explained!

Even with antivirus software installed, it is very difficult to say that a system is free from virus threats. Similarly, sitting behind a firewall does not mean that the network is safe from malicious activity. Every new virus or attack finds some way to penetrate the security infrastructure and often goes undetected by the security technologies in place. What is needed is a technology that welcomes the threats and records their attack behaviour: honeypots.

According to Wikipedia, a honeypot is a computer security mechanism set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. It attracts cyber attacks by posing as a target for the attacker, uses the criminal's intrusion attempts to gain information about their tactics, and can also serve as a distraction that draws hackers away from the real target.


Working of a Honeypot

  • A honeypot is a computer that looks like a genuine part of the network. It contains data that looks legitimate, such as credit card details, user data, etc.
  • Honeypots have deliberate weaknesses like open ports or default or weak passwords, so they are less secure than the live network and attackers are drawn to them. Once hackers are in, we can track them and their behaviour, and assess it for clues on how to make the real network more secure.
  • Generally a honeypot has no antivirus or firewall, because we want it to get attacked; that tells us which threats our systems are vulnerable to. With the intelligence obtained from a honeypot, security efforts can be prioritized, focused, and made stronger.

Types of Honeypot

Honeypots can be classified based on their deployment (use/action) and based on their level of involvement.

  • Based on deployment, honeypots can be classified as,
    • Production Honeypots are easy to use. As the name suggests, they are placed inside the production network alongside other production servers to improve overall security. They are easy to deploy but give less information about an attack or attacker than research honeypots.
    • Research Honeypots are used to gather information such as the motives and tactics of attackers targeting different networks. They do not add direct value to a specific organization; instead, they are used to research the threats that organizations face and to learn how to better protect against those threats. Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by researchers, military, or government organizations.
  • Based on design criteria, honeypots can be classified as,
    • Pure Honeypots contain a bug (a hidden tap) that tracks all the activities of the attackers. As the name suggests, no other software needs to be installed; only the honeypot itself is on the system. Even though a pure honeypot is useful, the stealthiness of the defense mechanism can be better ensured by a more controlled mechanism.
    • High-interaction Honeypots imitate the activities of production systems that host a variety of services and can therefore make an attacker waste a lot of time. Using virtual machines, we can deploy multiple honeypots on a single machine, so if a honeypot is compromised we can restore it easily. They provide more security by being difficult to detect, but they are expensive to maintain. If virtual machines are not available, one physical computer must be maintained for each honeypot, which can be exorbitantly expensive.
    • Low-interaction Honeypots simulate only the services attackers commonly request. They consume relatively few resources because they run fewer services than high-interaction honeypots. With fewer services and simpler virtual machines, several of them can run as virtual boxes on a single physical machine.
  • Malware is one of the threats to information security that continues to increase. Malware has its own functionality and behaviour. Every day new malware appears, and detecting it is not possible with signature-based antivirus, firewalls, and IDS alone, so we need to understand how that malware behaves on a system or in a live environment. A honeypot can be used for this too, to track the behaviour of the malware, and machine learning algorithms can be applied to honeypot data to classify malware. To know more, check the Next Generation of Antivirus post.
  • Spam Detection Honeypots are used to detect spam sent by an attacker. For instance, an attacker sends spam mail to everyone in the organization. The honeypot can then examine the headers and look up the sender's IP address; if it is not whitelisted or it is on a blacklist, the mail is flagged as spam and blocked. In this situation the honeypot works as an anti-spam tool.
  • A Honey Token is a honeypot that is not a computer. It is a trap for illegitimate processes: an entity that carries interesting-looking information that often appears attractive to employees, but works as a tracker (for example, sending an email to the IT admin when opened). It can take the form of,
    • Username / Password
    • Financial sheets
    • Payroll data
    • Employee’s appraisal data
    • Tax calculation sheet
    • Credit card information
    • Encryption keys
    • Server configuration files
    • R&D Reports
    • Corporate presentation
    • Proprietary information
    • Any confidential document

Detection of Honeypot

  • Look for unusual services and open ports. Most internet-facing systems are stripped of any unnecessary services; if a system has many unusual services and ports open, these are meant to attract attackers and it may be a honeypot.
  • If there is little or no activity on the device, it may be a honeypot.
  • If you see directories such as social security numbers or credit card numbers, it may be a honeypot.
  • If very little software is installed, it may be a honeypot.
  • If there is a lot of free space on the hard drive, it may be a honeypot.
  • If the configurations of the running software are still at their default settings, it may be a honeypot; this almost never occurs in a live network (though it is a major problem in cybersecurity).






Protection against MITM Attacks




If you want your network to be secure from the threat of ARP Attacks, the best plan is a combination of the below-mentioned prevention methods. There are many methods available on the Internet, each has its own positives and negatives. The most common and effective methods are listed below.


The prevention methods tend to have flaws in certain situations, so if active detection tools are in place as well, then you will know about ARP poisoning as soon as it begins.

Methods

Encryption

When a web request is made, communication between clients and servers follows a structure of requests and responses. The message sent by a client to the server is known as an HTTP request; HTTP stands for HyperText Transfer Protocol. The request and response are in plain text, which means that whoever is the man in the middle can read everything: websites visited, login credentials, and card details sent to the server. To overcome this, a revised version of HTTP was released, known as HTTPS, which stands for HyperText Transfer Protocol Secure. HTTPS encrypts the request and response, so a man in the middle cannot see anything apart from gibberish.

Most websites now use HTTPS, but if someone is in the middle of your connection, in other words a Man in the Middle, the attacker can try to downgrade the connection from HTTPS to HTTP so that the traffic becomes readable again. To ensure that nobody does that, you can install a browser extension that makes sure your connection stays over HTTPS.

The extension is HTTPS Everywhere; just search for the extension name followed by your browser name. After installing the extension, click on its icon and switch on the options it offers.


If the server does not support HTTPS, i.e. it has no SSL certificate, the HTTPS Everywhere extension will display a message like the one below. Do not worry, it is not a problem or error; just choose one of the available options. Open insecure page means the extension will remember your choice and will not show the warning every time you open this site, while Open insecure page for this session only opens the page over HTTP for this session only.

**NOTE - You can access the website after this warning; just be careful if you type credit card details or login credentials there.

VPNs - Virtual Private Network

According to Wikipedia, A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running across a VPN may, therefore, benefit from the functionality, security, and management of the private network.

In simpler words, if a VPN is set up on your device, your connection is sent to that virtual network before it goes on to the server you requested. The server will not see your IP address; the virtual network's IP is what is visible, and all traffic between your device and the VPN is encrypted, so no one in between can read it.

**NOTE - If you use a VPN, then the VPN provider is the Man in the Middle. So, you need to read the VPN's details carefully, in particular its logging policy and what it does with your data.





Detect ARP Poisoning Attacks



ARP Poisoning is a technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network. It is also known as ARP spoofing, ARP cache poisoning, and ARP poison routing.


There are many ways to detect ARP attacks, but the common and effective ways to detect ARP poisoning attacks are:
    • ARP Tables
    • XArp Tool
    • Wireshark
    • ARP Detector v1.0 (tool specially made by us)

Using ARP Tables

Address Resolution Protocol (ARP) is the method for finding a host's Link Layer (MAC) address when only its IP address is known. The ARP table maintains the correlation between each MAC address and its corresponding IP address. Entries can also be entered manually by the user; such user entries are not aged out.


    Using XArp Tool

    XArp is a security application that uses advanced techniques to detect ARP-based attacks. Using active and passive modules XArp detects hackers inside your network.


Using Wireshark

Wireshark is a free and open-source network protocol analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education, and is mainly designed to help network administrators keep track of what is happening in their network.
     


    Using ARP Detector v1.0

    Coming Soon...


Problems with detection

• Detection is not the same as prevention. The methods mentioned above will help you detect ARP attacks if there are any, but it would be better if we could prevent them.
• These methods only work against ARP spoofing or poisoning; what about other Man-in-the-Middle attacks?




      Concept of ARP Spoofing Attacks



      ARP Poisoning is a technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network. It is also known as ARP spoofing, ARP cache poisoning, and ARP poison routing.

      The aim of the attack is to associate the attacker's MAC address with the IP address of another host. Once the attacker’s MAC address is linked to an authentic IP address, the attacker can receive any messages directed to the legitimate MAC address. As a result, the attacker can intercept, modify, or block communication to the legitimate MAC address. It only works against networks that use ARP.

      Often the attack is used as an opening for other attacks, such as a denial of service, a man in the middle, or session hijacking attacks.

      What is Address Resolution Protocol (ARP)?

The term address resolution refers to the process of finding the MAC address that belongs to an assigned IP address of a computer in a network. The mapping of each IP address to its MAC address is stored in a table known as the ARP cache.

      When a packet is received by the gateway to send it to the host, the gateway uses ARP to associate the MAC or physical host address with its correlating IP address.

Network hosts and gateways will automatically cache any ARP replies they receive, whether or not they requested them.

      ARP entries that have not yet expired will be overwritten if a new ARP reply packet is received. There is no method in the ARP protocol by which a host can authenticate the peer from which the packet originated. This behavior is the vulnerability that allows ARP spoofing to occur.

How does ARP Spoofing/Poisoning work?

In practice, the design choices that make the ARP protocol efficient led to a lack of security in its design. As discussed above, the ARP protocol does not authenticate the peer from which a packet originated, so it is easy for a hacker to carry out this attack as long as (s)he is on the same network.

During an ARP spoofing attack, an attacker sends forged ARP reply packets to the gateway and to the host over the local network. This is generally done with a spoofing tool such as arpspoof, which comes preinstalled in Kali Linux and makes the job easy.

      In simpler words, suppose the below table is the configuration of a network.

Name               MAC Address   IP Address
Gateway (Router)   E2:01         192.168.0.1
Host               E2:11         192.168.0.11
Attacker           E2:21         192.168.0.21

So, the attacker will send forged ARP reply packets to the router to associate the E2:21 MAC address with the IP of the host, which is 192.168.0.11. Similarly, the attacker will send forged ARP reply packets to the host to associate the E2:21 MAC address with the IP of the gateway (router), which is 192.168.0.1.

So, when a packet arrives at the gateway to be sent to the host, the gateway checks its ARP cache table to resolve the IP address to a MAC address. Now, according to the router, the host IP address (192.168.0.11) is associated with the MAC address E2:21, so the packet is sent to E2:21, which is the attacker.

Similarly, when the host sends a packet/request it goes via the gateway, and the host checks its ARP cache table to resolve the IP address to a MAC address. Now, according to the host, the gateway IP address (192.168.0.1) is associated with the MAC address E2:21, so the packet is sent to E2:21, which is the attacker.

In this way, the attacker achieves the goal of becoming the Man-in-the-Middle (MitM) using ARP spoofing/poisoning and can now intercept, modify, or read the data flowing between the host and the gateway.

      How to detect ARP attacks?

There are many ways to detect ARP attacks, but the common and effective ways to detect ARP poisoning attacks are:
      • ARP Tables
      • XArp Tool
      • Wireshark
      • ARP Detector v1.0 (tool specially made by us)



How to protect from MITM attacks?

• Detection is not the same as prevention. The methods mentioned above will help you detect ARP attacks if there are any, but it would be better if we could prevent them.
• These methods only work against ARP spoofing or poisoning; what about other Man-in-the-Middle attacks?





            Detect ARP Attacks via Wireshark

Wireshark is a free and open-source network protocol analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education, and is mainly designed to help network administrators keep track of what is happening in their network.


            • Download Wireshark.

            Installing Wireshark

• Install Wireshark (tick the checkboxes when asked to install Npcap and USBPcap).
• While installing Npcap, tick the checkboxes for,
  • Install Npcap in WinPcap API-compatible mode
  • Support raw 802.11 traffic (and monitor mode) for wireless adapters.
• After the installation is done, click on Reboot Now.

**NOTE - This is the basic installation of Wireshark. To know what each option means, see Install and Configure Wireshark.


            Configuration for Detection:

• Start Wireshark and let it configure itself.
• Select the interface that is connected to the Internet, or the interface on which you suspect ARP attacks.
• If there is network traffic, you will see a lot of data, which we will treat as gibberish for now (it is not).
• Click on Edit in the top corner and go to Preferences, or press Ctrl + Shift + P.
• Expand the Protocols option.
• Search for ARP/RARP, check the box Detect ARP request storms and set the number to whatever suits your needs (for testing purposes we will leave it as it is), then click OK. The Duplicate IP address warning used in the next step comes from the separate option Detect duplicate IP address configuration, which is enabled by default.

            Detection:

• Now, whenever you have a doubt, go to Analyze > Expert Information (the last option as of v3.2.5).
• Sort by Protocol in ascending order; if there are any ARP attacks you will see ARP/RARP entries.
• You will see Warning as the Severity, Duplicate IP Address... as the Summary, and so on.
• Expand the entries and you will see the spoofed MAC address for the victim's IP.
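As an added example that is not part of the original post, here are the two detection ideas from this site's ARP posts in Python: the ARP-table method (one MAC answering for several IPs, as the Host's table looks in the E2:21 poisoning scenario) and the condition behind Wireshark's Duplicate IP address warning (an IP later claimed by a different MAC, with a gateway IP rated higher). The /proc/net/arp snapshot and the ARP packet list are constructed to match the example addresses; the Linux table layout and the six-byte padded MACs are assumptions.

```python
from collections import defaultdict

GATEWAY_IP = "192.168.0.1"

# Constructed /proc/net/arp snapshot as the Host would see it after poisoning (not captured from a
# real machine). Addresses follow the example table; the short MACs are padded to six bytes.
ARP_TABLE_TEXT = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.0.1      0x1         0x2         e2:00:00:00:00:21     *        eth0
192.168.0.5      0x1         0x2         e2:00:00:00:00:05     *        eth0
192.168.0.21     0x1         0x2         e2:00:00:00:00:21     *        eth0
192.168.0.99     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

# Constructed ARP traffic in the order Wireshark would list it: (sender IP, sender MAC, opcode).
# Opcode 1 = request, 2 = reply. The last two replies are the forged ones from the scenario.
ARP_PACKETS = [
    ("192.168.0.1",  "e2:00:00:00:00:01", 2),   # gateway answers for itself
    ("192.168.0.11", "e2:00:00:00:00:11", 2),   # host answers for itself
    ("192.168.0.21", "e2:00:00:00:00:21", 1),   # attacker's ordinary request, asserts no binding
    ("192.168.0.1",  "e2:00:00:00:00:21", 2),   # forged: attacker claims the gateway's IP
    ("192.168.0.11", "e2:00:00:00:00:21", 2),   # forged: attacker claims the host's IP
]


def parse_proc_arp(text: str) -> dict:
    """Return {ip: mac} from /proc/net/arp text, skipping the header and incomplete (flags 0x0) rows."""
    table = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 4 or fields[2] == "0x0":
            continue
        table[fields[0]] = fields[3].lower()
    return table


def macs_with_multiple_ips(table: dict) -> dict:
    """Group the table by MAC and return the MACs answering for more than one IP.

    In the scenario the Host's table ends up with both the gateway IP and the attacker's own IP
    pointing at E2:21. A router with several addresses can look the same, so treat a hit as a
    lead to verify against the known gateway MAC, not as proof on its own.
    """
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


class ArpMonitor:
    """Learn IP->MAC bindings from ARP replies and alert when an IP is later claimed by another MAC.

    This is the condition behind Wireshark's 'Duplicate IP address configured' expert-info warning.
    The first binding seen is kept as the baseline, so every later forged reply keeps alerting.
    A legitimate NIC swap or DHCP reassignment also trips it, so confirm before acting.
    """

    def __init__(self, gateway_ip: str = GATEWAY_IP):
        self.gateway_ip = gateway_ip
        self.bindings = {}
        self.alerts = []

    def observe(self, sender_ip: str, sender_mac: str, opcode: int):
        if opcode != 2:                      # only replies ("is-at") assert a binding here
            return None
        sender_mac = sender_mac.lower()
        known = self.bindings.setdefault(sender_ip, sender_mac)
        if known == sender_mac:
            return None
        severity = "critical" if sender_ip == self.gateway_ip else "warning"
        alert = (severity, sender_ip, known, sender_mac)
        self.alerts.append(alert)
        return alert


def run_monitor(packets, gateway_ip: str = GATEWAY_IP) -> list:
    """Feed a packet list through ArpMonitor; return alerts as (severity, ip, old_mac, new_mac)."""
    monitor = ArpMonitor(gateway_ip)
    for ip, mac, opcode in packets:
        monitor.observe(ip, mac, opcode)
    return monitor.alerts


if __name__ == "__main__":
    table = parse_proc_arp(ARP_TABLE_TEXT)
    print("MACs answering for several IPs:", macs_with_multiple_ips(table))
    for severity, ip, old, new in run_monitor(ARP_PACKETS):
        print(f"[{severity}] {ip} was {old}, now claimed by {new}")
```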





              Linux: File System Explained

Imagine an operating system without a file system, where all the data is placed on one large storage device with no way to tell where one piece of data stops and the next begins. This is where the file system comes into play: it separates the data and gives each piece a name, so that data can be easily identified and isolated from the rest.

The file system contains files and directories. A file is the basic unit of storage for data and is represented by (-) in the command-line interface (CLI). Linux uses directories, known as folders in Windows, to hold information about other files; they are represented by (d) in the CLI.


Kali Linux is organized to be consistent with the Filesystem Hierarchy Standard (FHS). The FHS defines the purpose of each directory; the top-level directories are described below.


• / : Every single file and directory starts from the root directory. Only the root user has write privileges under this directory. /root is not the same as /: /root is the home directory of the administrator's personal files.
• /bin: Basic programs. This directory contains the binary executables for common Linux commands, for example ps, ls, ping, grep, cp, mv, etc.
• /sbin: System programs. Also contains binary executables, but ones related to system maintenance, for example iptables, reboot, fdisk, ifconfig, etc.
• /etc: Contains the configuration files required by all programs. Most applications have a directory under /etc holding all their configuration.
• /var: Contains files that are expected to grow or change constantly. This includes log files, queues, spools, and caches.
• /tmp: Contains temporary files. This directory is often emptied at boot.
• /home: Contains users' personal files. This is where the home directories of all users are located.
• /boot: Contains boot loader files, the Kali Linux kernel, and other files required for the early boot process.
• /dev: Contains device files.
• /lib: Contains basic libraries.
• /media/*: Mount points for removable devices like CD-ROMs, USB drives, etc.
• /mnt: Temporary mount point.
• /opt: Contains extra applications provided by third parties or optional add-on apps.
• /srv: Contains data used by servers hosted on the system.
• /usr: This directory is further subdivided into bin, sbin, and lib, mirroring the layout of the root directory. The /usr/local/ directory is meant to be used by the administrator for installing applications manually without overwriting files handled by the packaging system (dpkg).
• /run: Volatile runtime data that does not persist across reboots (not included in the FHS).
• /proc and /sys: Used by the kernel for exporting data to userspace (not included in the FHS).



              Why Antivirus is a Joke/Dangerous?

We have discussed a lot about antivirus and how it works in our recent post, but we did not discuss one topic: can antivirus itself be a threat? Well, the answer is yes and no. Here we will discuss some important points that will make you question your antivirus company.
• Antivirus fails to stop all malware, as most antivirus products are signature-based. In particular, they are unable to stop encrypted and targeted malware.
• You may not have noticed yet, but antivirus decreases the performance of the system it is running on.
• It can be a serious privacy and anonymity concern, as scan results are sent periodically back to the vendor's server.
• Unknown data is constantly sent to the antivirus company. As discussed above, we do not know what that data is or can be.
• Some antivirus products break SSL/TLS encryption to check or monitor web traffic, which again can be a privacy issue, as breaking the encryption can also let them see user credentials such as passwords.
• Most antivirus software is closed source, so we do not know exactly how it runs and what kinds of tasks it performs. Obviously, unless and until we have a whistle-blower :)
• Some antivirus vendors might sell your data on the dark web (especially the free ones). Come on, think about it: they provide for free software that takes a ton of work and resources to maintain.
• Antivirus updates can be used as an attack vector by hackers. Some antivirus products update via HTTP, so attackers can intercept the request or send their own spoofed response to the update, and what you end up installing is a virus or malware. So an antivirus can also be used to install a virus. Sounds irritating, doesn't it?

Antivirus can be risky but is needed at the same time. Before choosing an antivirus, make sure to check its reputation in the market.




              Next Generation of Antivirus

Antivirus products have a lot of weaknesses, yet most organizations and individuals continue to buy and use the 'traditional' signature-based antivirus. This traditional way is fundamentally broken, and the best part is that security companies are fully aware of the fact. As you read this, the traditional antivirus and signature-based approach is in the process of being replaced.

It is being replaced by some of the more advanced features we have mentioned in the What is Antivirus blog post. Very importantly, new companies with potentially better methods are emerging that may overtake the antivirus or endpoint protection market.
              To name a few of these kinds of companies,
              • Cylance Smart Antivirus
              • Bromium  
              • SentinelOne
              • CrowdStrike
and companies like Kaspersky, ESET, etc. are also working on the same.

              These companies are using new approaches and techniques such as,
              • Machine Learning
              • Exploit Prevention
              • Containment
              • Behavioral Analysis
              • Decoys
              • Honeypots
              • Hardening
              • Algorithms

with the focus on detecting and preventing threats without prior knowledge of them. These approaches are likely to merge with existing methods and become the new normal.

              Anti-viruses are not dead, they are evolving into a different species and we are right now in the middle of serious changes. The next generation of AV will be able to prevent the majority of malware. Well, that is the hope anyway.




              Online Anti-Virus: No Result Share

Online antivirus can also be used as a second-opinion antivirus. But what does No Result Share mean? Hmm... When we upload a file to get a second opinion, the website shares the file's results with all the participating companies' databases.

When a hacker creates malware to hack a system, (s)he needs to be sure. If the malware is detected, then all the hard work will be in vain. Making malware FUD (fully undetectable) is an important task. So, after creating the malware, how will the hacker be sure that it is FUD?
We cannot test the malware with every antivirus company separately. Therefore, to overcome this issue we have websites like VirusTotal, which check the file against over 70 different databases. Problem solved? No.

Obviously, the hacker needs to test the malware again and again after every change made to it to make it foolproof. Furthermore, if the malware is detected at any step, the hacker needs to start fresh, because, as said earlier, the online antivirus distributes/shares the signature with all the companies.

To overcome this issue, the community has built online antivirus services like VirusTotal but with one major difference: the results are not shared with the companies.

              The four well-known websites that do not share the results are:

