Protection from zero-day attacks is one of the biggest challenges of modern cybersecurity.

Although vendors are getting better and better at detecting zero-day exploits, both the number and the effectiveness of zero-day attacks keep increasing. Tools and techniques for discovering zero-day exploits, spreading them, and performing zero-day attacks are becoming more sophisticated, more widespread, and easier to use by the day. On the other hand, actually detecting an ongoing attack and preventing the damage is getting much harder due to the increased complexity of the systems that cybersecurity specialists deal with and the advanced encryption and obfuscation used by malicious software.

This means that there’s an increased demand for zero-day attack detection and prevention solutions that can produce accurate results with few false positives (non-incidents that raise the alarm) or false negatives (actual incidents that don’t raise the alarm). Producing such a solution can be quite difficult, requiring a considerable investment as well as a mature engineering team experienced in cybersecurity, systems control, network management, and virtualization.


In this article we’ll look at how to intercept HTTP traffic in order to inject custom code into HTML markup on Windows. To do this, we’ll look at two completely different approaches: one in kernel mode, the other in user mode. For the sake of simplicity, we won’t cover HTTPS traffic.

Enterprise resource planning (ERP) and customer relationship management (CRM) systems are very helpful in organizing, streamlining, and structuring business processes across a company. They allow companies to automate certain management and business tasks and unify data across the board, helping them reduce overhead and make the overall workflow more efficient. To fit the needs of a large number of companies across different industries, such systems come with a wide variety of features spread across several modules optimized for different departments.

Yet, despite the rich feature set, many companies still need to tweak the system to their own unique requirements. To meet this demand, many products ship with the tools that allow clients to implement custom solutions within the system.

Modern SaaS services are akin to Swiss Army knives – they can do anything. At the same time, clients only use the features of a SaaS service that they need. Over time, continuous development of these services becomes very hard, as too many features accumulate to support them all. The need arises to define which features should be prioritized for further development. The logical way to prioritize features is to invest in the most popular ones, and the popularity of each feature can be determined by user behavior tracking.

Angular is one of the most popular web development frameworks right now. It’s not only a go-to tool for client-side web application development, but also a great solution for mobile and desktop apps. When thinking about its success, it’s hard to believe that Angular was released only eleven months ago.

With the advent of AI, machine learning, and automation, computer vision is becoming all the more relevant. At Apriorit, we are building expertise in computer vision as part of our work on a new set of projects involving AI and machine learning.

Now, we want to share our experience, specifically with regards to object detection with OpenCV.

Our objective is to count the number of people who have crossed an abstract line on-screen using computer vision with the OpenCV library.

In this article, we will look at two ways to perform object recognition using OpenCV and compare them to each other. Both approaches have their own pros and cons, and we hope that this comparison will help you choose the best one for your task.

CUDA is a parallel computing platform developed by Nvidia for its graphics processing units. Using the CUDA API, developers can retool GPUs to perform general-purpose calculations. GPUs excel at algorithms that require processing large amounts of data in parallel chunks. Thus, CUDA-based solutions are well suited for various big data applications and research projects.

Without pretending to be a complete CUDA programming guide, this article deals with non-trivial aspects and possible pitfalls of working with CUDA for tasks that use the computational capabilities of Nvidia GPUs. As a software R&D company, Apriorit has encountered and handled all of these CUDA programming issues in the projects we developed for our clients. Thus, we decided to share our practical experience working with CUDA and provide some CUDA programming examples with the code explained.


At Apriorit, kernel and driver development is one of our key competencies. We extensively use technologies operating at the kernel level in the various security, virtualization, system control, and monitoring solutions that we develop for our clients. At the same time, some projects do not really need a driver solution with its potential complexity – a user mode implementation, e.g. one based on various hooks, meets all the requirements.

We’d like to generalize and share our experience of building kernel level and user level technologies and provide you with a list of advantages and disadvantages of both approaches for various tasks.

Since we specialize first of all in security-related projects, we’ve chosen the system monitoring and management technologies that are frequently required for endpoint security solutions.


Contents

Introduction: What Is the Kernel/User Mode?

Common Pros and Cons

Network Monitoring and Management

Keyboard / Keystroke Monitoring

File System Monitoring / Management

Process Monitoring / Management

At Apriorit, we have developed several custom Windows and Linux virtual file system implementations, so we decided to share our knowledge on the topic in this series of articles. This article will be useful for any developer who wishes to create a Windows virtual file system that processes file operations in its own fashion.
