  #5  
03-08-2017, 19:52
mcp
Without citing sources for your claims, your "collection" of statements is practically worthless, sorry.

Just a few less hyperbolic comments:
  • The registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run certainly wasn't classified as "secret" as you claim. The page talking about a *module* which exposes functionality to create a key in that path was. It even says that on the page: "Technique Origin: Internet/open-source (Well-known)".
  • Wrt SHA384, it's pretty clear that the advice is to not truncate the result any further. Not that truncation may never happen in any form.
  • Same for AES. It says minimum bit length is 256 - entirely correct from a mathematical perspective.
  • It's not only about the time stamp of the executable file itself - it's also about time stamps in included files, resources or other lesser known compiler/linker artifacts that might carry time stamps with them. In general, these folks of course do care a lot about making it harder for 3rd parties to attribute anything to them. See their internal discussion about the Equation Group Kaspersky reports.