On 11/23/14, Aftermath <aftermath.thegreat@xxxxxxxxx> wrote:
> Regin: Top-tier espionage tool enables stealthy surveillance
>
> http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance

...

The interesting aspect they highlight is that everything past the first loader is encrypted. This is why a Volatility-style view of host memory is critical to identifying and mitigating advanced threats. Some of the most advanced malware doesn't even "persist" in the usual sense, instead leaving "triggers" on peripheral devices which can "tip" to compromise on demand, even after replacing hard drives and doing clean installs from the top...
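As an added illustration of the point made above (this is example code written for this page, not Volatility's code and not anything from the Symantec write-up): when every stage past the first loader is stored encrypted, the on-disk view tells an analyst little, but the decrypted stages have to be resident in memory to run, and the still-encrypted blobs they are unpacked from stand out in a memory image as pages with near-random byte distributions. The scanner below walks a memory image page by page, computes Shannon entropy per page, and merges adjacent high-entropy pages into candidate regions for triage. The sample image is constructed inline (text-like "code", a deterministic pseudo-random block standing in for an encrypted stage, and zero pages); the page size, the 7.2-bit threshold and all function names are assumptions for the example.

```python
import math
import random
from collections import Counter

PAGE_SIZE = 4096  # assumed page granularity for the scan (x86 small page)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte: 0.0 for a constant
    buffer, 8.0 for a perfectly uniform distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def find_high_entropy_regions(image: bytes, page_size: int = PAGE_SIZE,
                              threshold: float = 7.2):
    """Scan a raw memory image page by page and return a list of
    (start_offset, end_offset, max_entropy) tuples for runs of pages whose
    byte distribution looks encrypted or compressed. Consecutive hot pages
    are merged into one region so a multi-page blob is reported once."""
    regions = []
    for off in range(0, len(image), page_size):
        ent = shannon_entropy(image[off:off + page_size])
        if ent < threshold:
            continue
        if regions and regions[-1][1] == off:
            # previous region ends exactly where this page starts: extend it
            start, _, prev_max = regions[-1]
            regions[-1] = (start, off + page_size, max(prev_max, ent))
        else:
            regions.append((off, off + page_size, ent))
    return regions


def build_sample_image() -> bytes:
    """Constructed 16-page image: 8 pages of repetitive text-like content,
    4 pages of deterministic pseudo-random bytes (stand-in for an encrypted
    stage), then 4 zero pages. Not a real memory capture."""
    text_like = (b"push ebp; mov ebp, esp; sub esp, 0x40; call helper; leave; ret\n"
                 * 200)[:8 * PAGE_SIZE]
    text_like = text_like.ljust(8 * PAGE_SIZE, b"\n")
    rng = random.Random(1234)  # fixed seed so the "encrypted" block is reproducible
    random_like = bytes(rng.getrandbits(8) for _ in range(4 * PAGE_SIZE))
    zeros = bytes(4 * PAGE_SIZE)
    return text_like + random_like + zeros


def describe(regions) -> str:
    """Human-readable summary of scan results."""
    if not regions:
        return "no high-entropy regions"
    return "; ".join(f"0x{s:08x}-0x{e:08x} ({(e - s) // PAGE_SIZE} pages, "
                     f"max {m:.2f} bits/byte)" for s, e, m in regions)


if __name__ == "__main__":
    found = find_high_entropy_regions(build_sample_image())
    print(describe(found))
```

High entropy is a triage signal, not a verdict: compressed resources, TLS buffers and legitimate packed images score just as high, so the regions this returns are where a memory forensics tool's process, VAD and module listings should be consulted next, to ask which process owns the pages and whether anything on disk accounts for them.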