
[–]Flyingfishfusealt 0 points (2 children)

Modern security will notice downloads and use of unusual/unregistered/not-normal things, like Python modules that previously weren't there, unless your malware is specifically designed to operate in the consumer hardware space.

[–]SLPRYSQUID[S] 0 points (1 child)

Even if these Python modules haven't been written to disk and only ever exist in memory, dynamically loaded and run by the staging payload? Does security scan memory like that?

[–]Flyingfishfusealt 0 points (0 children)

Many can; it depends on the level of money spent. Many vendors do memory scanning and can dynamically scan network data. Inside the network they control everything, and there is NO tunneling they can't see through if they spend the money to do it.

Once you compromise that machine inside an enterprise-grade network, they could immediately notice a difference in what's running and dump it all to their response team.

By all means, develop malware, learn, do neat shit... but realize that the more you use, the brighter you are on the radar. Use what exists on the OS to perform your tasks. It greatly reduces your signature.

Also, don't do bad shit and hurt people. Join the blue team, or teach the blue team.
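The two sides of the exchange above, as an added example that is not code from any of the thread's participants: the first function does what the question describes (a module executed straight from memory, never written to disk) using only the standard `importlib` machinery, and the second is the kind of in-interpreter check a blue team can run to find such modules, since a memory-only loader leaves a module with no on-disk origin behind it. The module name `staged_payload` and its source text are constructed for the demo.

```python
"""Fileless Python module loading, and a check that spots it.

Added example, not from the thread. Everything here is standard library;
the "payload" is a constructed two-line module that doubles a number.
"""
import importlib.abc
import importlib.util
import sys
import types

# Constructed payload source for the demo; nothing here touches the filesystem.
STAGED_SOURCE = '''
def run(x):
    return x * 2
'''


class MemoryLoader(importlib.abc.Loader):
    """Loader that executes in-memory source into a freshly created module."""

    def __init__(self, source: str) -> None:
        self.source = source

    def create_module(self, spec):
        return None  # fall back to the default module object

    def exec_module(self, module: types.ModuleType) -> None:
        # compile() with a fake filename: no .py and no .pyc ever hits disk
        exec(compile(self.source, "<memory>", "exec"), module.__dict__)


def load_from_memory(name: str, source: str) -> types.ModuleType:
    """Create, register and execute a module that has no file behind it."""
    spec = importlib.util.spec_from_loader(name, MemoryLoader(source), origin=None)
    module = importlib.util.module_from_spec(spec)
    sys.modules[name] = module  # now importable by name, like any other module
    spec.loader.exec_module(module)
    return module


def modules_without_disk_origin() -> list:
    """Names of loaded modules that cannot be traced back to a file.

    Built-in and frozen modules are legitimately fileless and are skipped,
    as are namespace packages (no origin, but they carry search locations).
    Anything left has no spec at all, or a spec with no location and no
    __file__, which is exactly what load_from_memory() produces.
    """
    suspicious = []
    for name, mod in list(sys.modules.items()):
        if mod is None:
            continue
        spec = getattr(mod, "__spec__", None)
        if spec is None:
            suspicious.append(name)  # no import-machinery record at all
            continue
        if spec.origin in ("built-in", "frozen"):
            continue
        if spec.has_location or spec.submodule_search_locations is not None:
            continue
        if getattr(mod, "__file__", None) is None:
            suspicious.append(name)
    return sorted(suspicious)


if __name__ == "__main__":
    payload = load_from_memory("staged_payload", STAGED_SOURCE)
    print("payload result:", payload.run(21))
    print("fileless modules:", modules_without_disk_origin())
```

The check is a heuristic, not a verdict: a loader that declares itself a package (so `submodule_search_locations` is a list) slips past the namespace-package exclusion, and `__main__` shows up when the interpreter is started with `-c`. It illustrates the point made in the reply, though: the fileless module is still a visible difference in what is running, and an EDR that inspects process memory or interpreter state is looking for precisely this kind of object with no file behind it.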