Abstract: Endpoints in a network execute a sensor module that intercepts commands. The sensor module compares a source of commands to a sanctioned list of applications received from a management server. If the source does not match a sanctioned application and the command is a write or delete command, the command is ignored and a simulated acknowledgment is sent. If the command is a read command, deception data is returned instead. In some embodiments, certain data is protected such that commands will be ignored or modified to refer to deception data where the source is not a sanctioned application. The source may be verified to be a sanctioned application by evaluating a certificate, hash, or path of the source. Responses from an active directory server may be intercepted and modified to reference a decoy server when not addressed to a sanctioned application.

Abstract: DLL hooks are protected by mapping the starting address of the new executable to a sample of the former executable. Attempts to read the starting address are responded to with the sample of the former executable. Attempts to write to the starting address are responded to with confirmation of success without actually writing data. Debuggers are detected upon launch or by evaluating an operating system. A component executing in the kernel denies debugging privileges to prevent inspection and modification of DLL hooks.

Abstract: Endpoints in a network execute a sensor module that intercepts commands. The sensor module compares a source of commands to a sanctioned list of applications received from a management server. If the source does not match a sanctioned application and the command is a write or delete command, the command is ignored and a simulated acknowledgment is sent. If the command is a read command, deception data is returned instead. In some embodiments, certain data is protected such that commands will be ignored or modified to refer to deception data where the source is not a sanctioned application. The source may be verified to be a sanctioned application by evaluating a certificate, hash, or path of the source. Responses from an active directory server may be intercepted and modified to reference a decoy server when not addressed to a sanctioned application. Requests to view network resources may be responded to with references to a decoy server.

Abstract: DLL hooks are protected by mapping the starting address of the new executable to a sample of the former executable. Attempts to read the starting address are responded to with the sample of the former executable. Attempts to write to the starting address are responded to with confirmation of success without actually writing data. Debuggers are detected upon launch or by evaluating an operating system. A component executing in the kernel denies debugging privileges to prevent inspection and modification of DLL hooks.

Abstract: Endpoints in a network execute a sensor module that intercepts commands to obtain information regarding a remote network resource. The sensor module compares a source of commands to a sanctioned list of applications. If the source is not sanctioned, then a simulated response can be provided to the source that references a decoy server.

Abstract: DLL hooks are protected by mapping the starting address of the new executable to a sample of the former executable. Attempts to read the starting address are responded to with the sample of the former executable. Attempts to write to the starting address are responded to with confirmation of success without actually writing data. Debuggers are detected upon launch or by evaluating an operating system. A component executing in the kernel denies debugging privileges to prevent inspection and modification of DLL hooks.

Abstract: A method and system to create personalized investor information packages, based on investor information, to be delivered to the investor to satisfy both compliance regulations and investor preferences. The method and system may deliver information in a paper or electronic format.

Abstract: Endpoints in a network execute a sensor module that intercepts commands. The sensor module compares a source of commands to a sanctioned list of applications received from a management server. If the source does not match a sanctioned application and the command is a write or delete command, the command is ignored and a simulated acknowledgment is sent. If the command is a read command, deception data is returned instead. In some embodiments, certain data is protected such that commands will be ignored or modified to refer to deception data where the source is not a sanctioned application. The source may be verified to be a sanctioned application by evaluating a certificate, hash, or path of the source. Responses from an active directory server may be intercepted and modified to reference a decoy server when not addressed to a sanctioned application. Requests to view network resources may be responded to with references to a decoy server.

Abstract: Endpoints in a network execute a sensor module that intercepts commands. The sensor module compares a source of commands to a sanctioned list of applications received from a management server. If the source does not match a sanctioned application and the command is a write or delete command, the command is ignored and a simulated acknowledgment is sent. If the command is a read command, deception data is returned instead. In some embodiments, certain data is protected such that commands will be ignored or modified to refer to deception data where the source is not a sanctioned application. The source may be verified to be a sanctioned application by evaluating a certificate, hash, or path of the source. Responses from an active directory server may be intercepted and modified to reference a decoy server when not addressed to a sanctioned application.

Abstract: In some embodiments, a computer-implemented method for preventing credential passing attacks comprising: receiving an input; determining whether the input is a credential access command, wherein the determination comprises searching for occurrences of references to executables related to adding, reading, copying, or performing actions with respect to a credential, if the input is determined to be a credential access command, performing anomaly detection, wherein performing the anomaly detection comprises evaluating whether a user is a valid domain user, whether an elapsed time of the credential is greater than a maximum lifetime of the credential, and whether a privilege attribute certificate of the credential is valid, determining that an anomaly exists if the command was generated by an invalid domain user; an elapsed time of a credential is greater than a maximum lifetime, or the privilege attribute certificate of the credential is invalid, and performing mitigation of the anomaly.

Abstract: Endpoints in a network execute a sensor module that intercepts commands. The sensor module compares a source of commands to a sanctioned list of applications received from a management server. If the source does not match a sanctioned application and the command is a write or delete command, the command is ignored and a simulated acknowledgment is sent. If the command is a read command, deception data is returned instead. In some embodiments, certain data is protected such that commands will be ignored or modified to refer to deception data where the source is not a sanctioned application. The source may be verified to be a sanctioned application by evaluating a certificate, hash, or path of the source. Responses from an active directory server may be intercepted and modified to reference a decoy server when not addressed to a sanctioned application. Requests to view network resources may be responded to with references to a decoy server.

Abstract: The invention provides compounds having STimulator of INterferon Genes (STING) agonistic bioactivity that can be used in the treatment of tumors in patients afflicted therewith. The compounds are of formula (I): as defined herein. Compounds for practice of a method of the invention can be delivered via oral delivery for systemic exposure, as well as delivered intratumorally. Antitumor therapy using a compound of formula (I) can further comprise administration of an effective dose of an immune-checkpoint targeting drug.

Abstract: Endpoints in a network execute a sensor module that intercepts commands. The sensor module compares a source of commands to a sanctioned list of applications received from a management server. If the source does not match a sanctioned application the command is ignored and a simulated acknowledgment is sent or, deception data is returned instead. In some embodiments, certain data is protected such that commands will be ignored or modified to refer to deception data where the source is not a sanctioned application. The source may be verified to be a sanctioned application by evaluating a certificate, hash, or path of the source. Responses from an active directory server may be intercepted and modified to reference a decoy server when not addressed to a sanctioned application. Requests to view network resources may be responded to with references to a decoy server.

Abstract: Endpoints in a network execute a sensor module that intercepts commands. The sensor module compares a source of commands to a sanctioned list of applications received from a management server. If the source does not match a sanctioned application and the command is a write or delete command, the command is ignored and a simulated acknowledgment is sent. If the command is a read command, deception data is returned instead. In some embodiments, certain data is protected such that commands will be ignored or modified to refer to deception data where the source is not a sanctioned application. The source may be verified to be a sanctioned application by evaluating a certificate, hash, or path of the source. Responses from an active directory server may be intercepted and modified to reference a decoy server when not addressed to a sanctioned application.

Abstract: The invention provides compounds having STimulator of INterferon Genes (STING) agonistic bioactivity that can be used in the treatment of tumors inpatients afflicted therewith. The compounds are of formula (IA), formula (I), and formula (II): wherein the various substituents are as defined herein. Ring A is a 5- or 6-membered heteroaryl comprising 1, 2, or 3 N atoms, unsubstituted or substituted with 1, 2, or 3 groups as defined herein. Compounds for practice of a method of the invention can be delivered via oral delivery for systemic exposure, as well as delivered intratumorally. Antitumor therapy using a compound of formula (I) can further comprise administration of an effective dose of an immunecheckpoint targeting drug.

Abstract: Described herein are techniques for performing a channel scan based on a mobility state of a device. The mobility state of a device relative to an access point may be determined using time-of-flight information. A channel scan may be performed based on the mobility state determination.

Abstract: A method and system to create personalized investor information packages, based on investor information, to be delivered to the investor to satisfy both compliance regulations and investor preferences. The method and system may deliver information in a paper or electronic format.

Abstract: An apparatus that at least stores objects of varying sizes, said apparatus includes adjustable trays configured to support the objects at bottom surfaces thereof and stationary or mobile panels for mounting the trays in a generally vertical plane. The panels can be provided as pegboard types or as slatwall types. The adjustable trays include a pair of brackets connected with a guide. A mounting portion of each bracket is adapted to mate with the corresponding panel type.

Abstract: The invention provides compounds having STimulator of INterferon Genes (STING) agonistic bioactivity that can be used in the treatment of tumors in patients afflicted therewith. The compounds are of formula (I): as defined herein. Compounds for practice of a method of the invention can be delivered via oral delivery for systemic exposure, as well as delivered intratumorally. Antitumor therapy using a compound of formula (I) can further comprise administration of an effective dose of an immune-checkpoint targeting drug.

Abstract: According to one embodiment, a malware detection and visualization system includes one or more processors; and a storage module communicatively coupled to the one or more processors, the storage module comprises logic, upon execution by the one or more processors, that accesses a first set of information that comprises (i) information directed to a plurality of observed events and (ii) information directed to one or more relationships that identify an association between different observed events of the plurality of observed events; and generates a reference model based on the first set of information, the reference model comprises at least a first event of the plurality of observed events, a second event of the plurality of observed events, and a first relationship that identifies that the second event is based on the first event, wherein at least one of (i) the plurality of observed events or (ii) the one or more relationships constitutes an anomalous behavior is provided.