Questions tagged [detection]

Detection is the act of discovering and/or determining the existence, presence, or fact of something. For example: anti-virus programs use detection algorithms to discover and identify viruses.

245 questions
152 votes, 19 answers

Has it been mathematically proven that antivirus can't detect all viruses?

What analysis was Bruce Schneier referencing when he wrote: Viruses have no “cure.” It’s been mathematically proven that it is always possible to write a virus that any existing antivirus program can’t stop. From the book Secrets & Lies by Bruce…
Cate
76 votes, 11 answers

Sanitize computer after Homeland Security seizure

I flew from overseas back to the USA and all my electronic equipment was seized by Homeland Security, including my laptop computer, external hard drives, flash drives, etc. After more than a month I have finally gotten my stuff back. I have 2…
user91785
64 votes, 5 answers

Can Beehive detect a Snowden-like actor?

In a seminar, one of the authors of Beehive: Large-Scale Log Analysis for Detecting Suspicious Activity in Enterprise Networks said that this system can prevent actions like Snowden did. From their articles' conclusions; Beehive improves on…
kelalaka
54 votes, 6 answers

If malware does not run in a VM why not make everything a VM?

There is a lot of malware that can detect whether it is running inside a VM or sandboxed environment and if such environment is detected it can conceal itself and not execute. So why not make everything a VM? Now all systems are safe! I know not…
Marcus
47 votes, 4 answers

How do you know your server has been compromised?

I recently helped a client who had their server hacked. The hackers added some PHP code into the header of the homepage redirecting the user to a porn website — but only if they came from Google. This made it slightly harder for the client to spot.…
Boz
42 votes, 4 answers

Is it possible to tell if hard drive is encrypted?

Is it possible to tell if a hard drive is encrypted, regardless of what software was used, i.e., Truecrypt / VeraCrypt / Bitlocker for AES-256? Just the other day, I thought it could be possible to tell if I scan the drive with "Sector View" to read…
cpx
39 votes, 7 answers

Is it possible to detect 100% of SQLi with a simple regex?

I'm wondering if it is possible to detect 100% of the possible SQLi attacks using a simple regex. In other words, using very simple PHP code as an example: if (preg_match("/select/i", $input)) { attack_log("Possible SELECT SQLi…
reed
35 votes, 5 answers

How to detect when files from my USB were copied to another PC?

I accidentally gave my USB to my friend and then I realized it had some important files of mine. Is there any way I can know if he got something from the USB?
Harry Sattar
30 votes, 3 answers

Is there a way to detect web server in case it's not present in HEADER?

I'm trying to detect what web server a particular website uses. For instance whether it's nginx, Apache, Tomcat and so on. I usually use Live HTTP Headers Firefox add-on. The problem is that sites sometimes hide their back-end. Isn't there a way…
Alireza
30 votes, 4 answers

Fake users in database for compromise detection

I have read of sites* adding fake users to their databases and then monitoring their usage. One of these fake users being used or even attempted login may mean database compromise etc. This sounds like a good idea for detecting issues after they…
Paul
25 votes, 4 answers

Reduce Noise when Penetration Testing

Recently I participated in a capture the flag competition which was attached with SOC analysis teams monitoring our traffic. There we were told that many tools were very noisy. E.g., Sqlmap, which has its full header. As all of us were new so we weren't…
Khopcha
23 votes, 3 answers

How does a crypter for bypassing antivirus detection work?

I am talking about crypters used to encrypt files like viruses and keyloggers for the sole purpose of bypassing antivirus detection. How do they work?
gbr
22 votes, 2 answers

Can a Trojan hide itself, so its activity doesn't appear in task manager process?

Can malicious software hide itself, so its activity doesn't appear in the list of processes from Task Manager? Can it hide itself so when someone is controlling your computer, even if you open Task manager, you won't see any suspicious activity? If…
Steve
21 votes, 3 answers

Would it be plausible to write your own anti-crypto-ransomware tool?

Question After reading about how basic ransomware targets and encrypts your files. I was wondering if it would be plausible to write your own script to try and detect such activities? Initial Research Effort I have looked at different ideas people…
Chris
14 votes, 5 answers

Bot detection via browser fingerprinting

I've recently noticed that a few companies have begun to offer bot and scraping protection services based on the idea of browser fingerprinting to detect them, and then blocking the specific fingerprint from accessing the site (rather than blocking…
WeaselFox