Security News > 2017 > March > The CIA's "Development Tradecraft DOs and DON'Ts" (Schneier on Security)

The CIA's "Development Tradecraft DOs and DON'Ts" (Schneier on Security)
2017-03-13 17:00

Useful best practices for malware writers, courtesy of the CIA. Seems like a lot of good advice. General: DO obfuscate or encrypt all strings and configuration data that directly relate to tool functionality. Consideration should be made to also only de-obfuscating strings in-memory at the moment the data is needed. When a previously de-obfuscated value is no longer needed, it...


News URL

https://www.schneier.com/blog/archives/2017/03/the_cias_develo.html