How to detect elusive zero-day exploits in custom code?

Author
Mariana Rodriguez Author
|
2 hours ago Asked
|
1 Views
|
0 Replies
0

Hey AdsVolt community,

we're kinda hitting a wall over here and could really use some expert insights. our SaaS platform, which is mostly custom PHP and Node.js microservices, has been seeing some really strange, intermittent anomalies lately. these aren't your typical drive-by attacks; they're highly targeted, managing to bypass our WAF, IDS, and even our pretty robust behavioral monitoring systems. it's like they're just... slipping through.

the core problem is we're really struggling to pinpoint the exact vulnerability vector. we've done extensive code audits, static and dynamic analysis, and yet, no smoking gun. it's making us suspect either a deeply embedded, subtle flaw in our custom application logic or, even more concerning, a sophisticated zero-day exploit leveraging some obscure dependency we might not even be fully aware of. this is seriously impacting our application security posture.

we've observed some weird process spawns and unexpected network connections from our application servers that don't match any known legitimate activity. here's a snippet from one of our logs that really got us scratching our heads:

[2023-10-27 04:17:33] PID 12345: Process '/usr/bin/python3 /tmp/.cache/evilscript.py' initiated by PHP-FPM user 'www-data'.
[2023-10-27 04:17:34] NET_CONN: Outbound connection to 192.168.1.100:8080 from application process PID 12345.
[2023-10-27 04:17:35] FILE_IO: '/var/www/html/app/cache/malicious.log' created by PID 12345.

we're looking for advanced strategies, tools, or methodologies for deep-dive analysis and mitigation of such evasive threats. especially interested in approaches that go beyond standard SAST/DAST for large, custom PHP/Node.js codebases. are there specific runtime analysis tools, memory forensics techniques, or perhaps even threat hunting methodologies that have proven effective for detecting these super elusive exploits?

really appreciate any guidance here. waiting for an expert reply!

0 Answers

No answers yet.

Be the first to provide a helpful answer!

Your Answer

You must Log In to post an answer and earn reputation.