Solved

Bit-shifting data hiding

  • 3 June 2017
  • 4 replies
  • 147 views

Userlevel 1
 Dears,
how I am protected by WSA against any powershell script ( for example ) which launch a "legitimate action": bit-shifting for data hiding on NTFS partition ? For example, if I have a file that I ( or attacker 🙂 ) want to hide , I can run a bit shifting program/script that changes the direction of the bits inside that. As a result the file contents become scrambled and unreadable. What will WSA do?
 
Lot of thanks for your reply, BR.,Turner
icon

Best answer by DanP 5 June 2017, 17:05

View original

4 replies

Userlevel 7
Hi Turner
 
Welcome to the Community Forums.
 
I would say that this is a question best left to one of the Webroot professionals, so I will ping a great one for you in the hope that @ can clarify the situation for you.
 
I will be interested to hear what he can advise on this interesting question. :D
 
Regards, Baldrick
Userlevel 7
Badge +35
@ wrote:
 Dears,
how I am protected by WSA against any powershell script ( for example ) which launch a "legitimate action": bit-shifting for data hiding on NTFS partition ? For example, if I have a file that I ( or attacker 🙂 ) want to hide , I can run a bit shifting program/script that changes the direction of the bits inside that. As a result the file contents become scrambled and unreadable. What will WSA do?
 
Lot of thanks for your reply, BR.,Turner
WSA analyzes files during execution as well as scanning files on disc. If an attacker were to hide a malicious executable by encoding it, the file would still need to be decoded in order to be executed, and the file would be detected on execution. 
 
-Dan
Userlevel 1
OK, thanks for your reply !
Turner
Userlevel 7
Hi Dan
 
Thanks, as always, for the pickup/response.
 
Regards, Baldrick

Reply