Abstract:
A method is described. The method includes checking a raw event generated by a file system against a set of predicate conditions indicative of a high-level user operation. The method also includes filtering multiple raw events with a finite state machine (FSM) in response to determining that the raw event matches a predicate condition. The method further includes identifying a single high-level event for the high-level user operation based on the multiple raw events filtered by the FSM.
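As an added example (not part of the patent text) of the predicate-then-FSM pipeline this abstract describes, assuming the high-level user operation is an editor's write-to-temp-then-rename save and that a temp-file create is the predicate condition:

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RawEvent:
    op: str             # "create" | "write" | "rename" | "delete"
    path: str
    new_path: str = ""  # set only for "rename"
# Predicate condition (assumed here): a scratch-file create may begin a
# write-to-temp-then-rename save sequence.
def starts_save_sequence(ev: RawEvent) -> bool:
    return ev.op == "create" and ev.path.endswith(".tmp")
@dataclass
class SaveFSM:
    # CREATED -> WRITTEN -> DONE on rename; anything else ends in ABORTED
    state: str = "CREATED"
    raw_count: int = 1   # raw events absorbed so far, including the create
    def feed(self, ev: RawEvent):
        self.raw_count += 1
        if ev.op == "write" and self.state in ("CREATED", "WRITTEN"):
            self.state = "WRITTEN"   # any number of writes is absorbed
        elif ev.op == "rename" and self.state == "WRITTEN":
            self.state = "DONE"      # one high-level event for the whole sequence
            return {"event": "file_saved", "path": ev.new_path,
                    "raw_events": self.raw_count}
        else:
            self.state = "ABORTED"   # delete or out-of-order op: not a save
        return None
def collapse(events):
    """Route predicate matches into per-file FSMs; return the high-level events."""
    machines, high_level = {}, []
    for ev in events:
        fsm = machines.get(ev.path)
        if fsm is None:
            if starts_save_sequence(ev):
                machines[ev.path] = SaveFSM()
            continue                 # raw event outside any sequence is dropped
        result = fsm.feed(ev)
        if result is not None:
            high_level.append(result)
        if fsm.state in ("DONE", "ABORTED"):
            del machines[ev.path]
    return high_level
# Constructed sample: a save of report.txt with an unrelated write interleaved,
# then an abandoned temp file that is deleted instead of renamed.
SAMPLE = [RawEvent(*e) for e in [
    ("create", "/docs/.report.txt.tmp"), ("write", "/docs/.report.txt.tmp"),
    ("write", "/docs/notes.txt"), ("write", "/docs/.report.txt.tmp"),
    ("rename", "/docs/.report.txt.tmp", "/docs/report.txt"),
    ("create", "/docs/.draft.tmp"), ("delete", "/docs/.draft.tmp")]]
```

Running `collapse(SAMPLE)` yields a single `file_saved` event that absorbed four raw events, while the interleaved unrelated write and the abandoned temp file produce nothing.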
Abstract:
A computing device configured for replacing a target method in intermediate language code is described. The computing device includes a processor. The computing device also includes memory in electronic communication with the processor. The computing device further includes instructions stored in the memory. The instructions are executable to import a hook method and hook type into a caller method module. The instructions are also executable to replace, in intermediate language code, any call to the target method in a caller method body with a call to the hook method. The instructions are further executable to compile the intermediate language code to assembly language code. The instructions are additionally executable to call the hook method in place of the target method.
Abstract:
A method is described. The method includes monitoring a request to access one or more files via a shadow copy on a computing device. The method also includes preventing unauthorized access to the shadow copy based on a shadow copy access policy. Monitoring the request to access a shadow copy may include using a filter driver to intercept a request for a previously created shadow copy or a request to create a shadow copy.
Abstract:
An authenticating device configured for network authentication is described. The authenticating device includes a processor. The authenticating device also includes memory in electronic communication with the processor. The authenticating device further includes instructions stored in the memory. The instructions are executable to intercept an authentication request sent to an authentication application program interface (API). The instructions are also executable to send the authentication request to a central server to identify malicious activity patterns based on authentication activity of a plurality of authenticating devices in a network environment. The instructions are further executable to determine whether to block an invocation of the authentication API based on blocking rules received from the central server.