Amaroq_Starwind posted a topic in Malwarebytes 3

I had an interesting idea: What about protecting Malwarebytes components, through an experimental extension to the Chameleon system, using all of the same tricks that malware itself often uses for self-defense, plus a few more I thought of myself? Packers, multiple forms of obfuscation, dummy processes and registry keys, code virtualization (using a cryptographically secure pseudo-RNG), dynamic recompilation, active booby traps, a maze-like file system/registry setup, modular/cross-OS component installation, isolated/encrypted "mini-pagefiles", the works.

You could also go a step further in reliability by using the .NET Core runtimes instead of the traditional .NET Framework, in order to prevent damaged or out-of-date .NET Framework components on your system from being an obstacle to the program functioning correctly, and you could probably also use cloud-accelerated machine learning to perform extensive low-level optimizations of the compiled code.

Maybe peer-to-peer cloud integrations should be implemented too (as an in-house, online-backed equivalent to Windows Resource Protection), as well as a secure and low-profile means for all of these protection systems, decoy processes, and such to communicate with each other without revealing their identities to outside programs (hard-coded asymmetric encryption, for example), so that they will know what to do whenever it's time to update, uninstall, perform a repair, change settings (as requested by the user), and so forth.

And then of course, there's the idea of a built-in (and heavily encrypted) counterpart to the HOSTS file for reaching official Malwarebytes servers/services, along with internally enforcing the use of IPv6, DNSSEC, HTTP/3, and/or a combination VPN/proxy on any connections directly between the Malwarebytes servers and MBAM components. When taken all together, this could mitigate tampering, reverse engineering, targeted attacks, and so on. And who knows? Maybe this could even prevent a second coming of the IObit incident...

Any thoughts on this? If so, then please share them below. 🦊

P.S.: If you want more details on what I mean by a maze-like setup with the file system and registry, then just send me a private message. My precise concept is still extremely work-in-progress, and highly confidential, but it does involve mixing backup components with decoy files, along with some additional booby traps of my own design.
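Of the ideas in the post, the one with a well-understood implementation is the "hard-coded asymmetric" channel for telling components when to update, repair or uninstall, together with a signed name-to-address map standing in for the proposed HOSTS counterpart. The Go program below is an added example written for this page; it is not Malwarebytes code, and it does not describe how Chameleon actually works. It assumes an Ed25519 key pair whose public half is compiled into the component and whose private half stays with the vendor, a JSON control message with an illustrative `Command` struct, and a strictly increasing sequence number as the replay check. The key pair, host name and address in `Scenario` are generated or made up for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Command is an illustrative control message between components.
type Command struct {
	Seq    uint64            `json:"seq"`             // strictly increasing; stale values are rejected
	Action string            `json:"action"`          // e.g. "update", "repair", "uninstall"
	Hosts  map[string]string `json:"hosts,omitempty"` // signed name->address map (the "HOSTS counterpart")
}

var (
	ErrBadSignature = errors.New("signature does not verify against pinned key")
	ErrReplay       = errors.New("sequence number is not newer than last accepted")
	ErrTruncated    = errors.New("message shorter than a signature")
)

// Sign serialises the command and prepends an Ed25519 signature.
// Wire format (assumed here): 64-byte signature || JSON payload.
func Sign(priv ed25519.PrivateKey, c Command) ([]byte, error) {
	payload, err := json.Marshal(c)
	if err != nil {
		return nil, err
	}
	return append(ed25519.Sign(priv, payload), payload...), nil
}

// Verifier holds the pinned public key (compiled into the component in a
// real deployment) and the highest sequence number accepted so far.
type Verifier struct {
	Pub     ed25519.PublicKey
	LastSeq uint64
}

// Accept checks the signature first, then the sequence number, and only
// then hands the payload back. Nothing in the payload is trusted before both pass.
func (v *Verifier) Accept(msg []byte) (Command, error) {
	var c Command
	if len(msg) < ed25519.SignatureSize {
		return c, ErrTruncated
	}
	sig, payload := msg[:ed25519.SignatureSize], msg[ed25519.SignatureSize:]
	if !ed25519.Verify(v.Pub, payload, sig) {
		return c, ErrBadSignature
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return c, err
	}
	if c.Seq <= v.LastSeq {
		return c, ErrReplay
	}
	v.LastSeq = c.Seq
	return c, nil
}

// Scenario runs the three cases a reviewer would want to see: a genuine
// message is accepted, a tampered copy is rejected, and a replayed copy is
// rejected. Key material is generated on the fly for the demo.
func Scenario() (genuineOK, tamperRejected, replayRejected bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	v := &Verifier{Pub: pub}

	msg, err := Sign(priv, Command{Seq: 1, Action: "update",
		Hosts: map[string]string{"updates.example.invalid": "203.0.113.10"}}) // constructed values
	if err != nil {
		return
	}
	cmd, err := v.Accept(msg)
	if err != nil {
		return
	}
	genuineOK = cmd.Action == "update" && cmd.Hosts["updates.example.invalid"] == "203.0.113.10"

	// Tamper: flip one bit inside the payload (after the signature).
	tampered := append([]byte(nil), msg...)
	tampered[ed25519.SignatureSize+5] ^= 0x01
	_, terr := v.Accept(tampered)
	tamperRejected = errors.Is(terr, ErrBadSignature)

	// Replay: the original, correctly signed message delivered a second time.
	_, rerr := v.Accept(msg)
	replayRejected = errors.Is(rerr, ErrReplay)
	return
}

func main() {
	g, t, r, err := Scenario()
	fmt.Println("genuine accepted:", g, "| tampered rejected:", t, "| replay rejected:", r, "| err:", err)
}
```

Two design points worth noting: the signature covers the whole serialised payload, so the host map cannot be edited without the vendor's private key, and the sequence number is checked after the signature so that an attacker cannot advance `LastSeq` with forged messages. Pinning a key in the binary does not by itself stop someone patching the binary to swap the key; that is a separate integrity problem (code signing, a protected service, or hardware-backed attestation), not something obfuscation solves.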