Abstract: Data is received that includes at least a portion of a program. Thereafter, entry point locations and execution-relevant metadata of the program are identified and retrieved. Regions of code within the program are then identified using static disassembly and based on the identified entry point locations and metadata. In addition, entry points are determined for each of a plurality of functions. Thereafter, a set of possible call sequences are generated for each function based on the identified regions of code and the determined entry points for each of the plurality of functions. Related apparatus, systems, techniques and articles are also described.

Abstract: Data is received or accessed that includes a structured file encapsulating data required by an execution environment to manage executable code wrapped within the structured file. Thereafter, code and data regions are iteratively identified in the structured file. Such identification is analyzed so that at least one feature can be extracted from the structured file. Related apparatus, systems, techniques and articles are also described.

Abstract: The present disclosure involves systems and computer-implemented methods for installing software hooks. One process includes identifying a target method and a hook code, where the hook code is to execute instead of at least a portion of the target method, and wherein the target method and the hook code are executed within a managed code environment. A compiled version of the target method and a compiled version of the hook code are located in memory, where the compiled versions of the target method and the hook code are compiled in native code. Then, the compiled version of the target method is modified to direct execution of at least a portion of the compiled version of the target method to the compiled version of the hook code. The non-compiled version of the target method may be originally stored as bytecode. The managed code environment may comprise a managed .NET environment.

Abstract: Described are techniques to enable computers to efficiently determine if they should run a program based on an immediate (i.e., real-time, etc.) analysis of the program. Such an approach leverages highly trained ensemble machine learning algorithms to create a real-time discernment on a combination of static and dynamic features collected from the program, the computer's current environment, and external factors. Related apparatus, systems, techniques and articles are also described.

Abstract: Data is received that includes at least a portion of a program. Thereafter, entry point locations and execution-relevant metadata of the program are identified and retrieved. Regions of code within the program are then identified using static disassembly and based on the identified entry point locations and metadata. In addition, entry points are determined for each of a plurality of functions. Thereafter, a set of possible call sequences are generated for each function based on the identified regions of code and the determined entry points for each of the plurality of functions. Related apparatus, systems, techniques and articles are also described.

Abstract: Data is received that includes at least a portion of a program. Thereafter, entry point locations and execution-relevant metadata of the program are identified and retrieved. Regions of code within the program are then identified using static disassembly and based on the identified entry point locations and metadata. In addition, entry points are determined for each of a plurality of functions. Thereafter, a set of possible call sequences are generated for each function based on the identified regions of code and the determined entry points for each of the plurality of functions. Related apparatus, systems, techniques and articles are also described.

Abstract: A sample of data is placed within a directed graph that comprises a plurality of hierarchical nodes that form a queue of work items for a particular worker class that are used to process the sample of data. Subsequently, work items are scheduled within the queue for each of a plurality of workers by traversing the nodes of the directed graph. The work items are then served to the workers according to the queue. Results can later be received from the workers for the work items (the nodes of the directed graph are traversed based on the received results). In addition, in some variations, the results can be classified so that one or models can be generated. Related systems, methods, and computer program products are also described.

Abstract: A computer implemented method for preventing SQL injection attacks comprises intercepting a web request associated with a web service at a first software hook in a first web service execution context, persisting at least a portion of the intercepted web request in a storage location associated with the first software hook and accessible to at least one additional execution context, intercepting a database query generated by at least one web service processing operation at a second software hook associated with the execution of the query, wherein the query is generated in response to the intercepted web request and the second hook retrieves the persisted portion of the intercepted web request, comparing a portion of the persisted portion of the intercepted web request with at least a portion of the intercepted database query, and determining, prior to the query being executed, whether the query corresponds to a potential SQL injection attack.

Abstract: The present disclosure involves systems and computer-implemented methods for installing software hooks. One process includes identifying a target method and a hook code, where the hook code is to execute instead of at least a portion of the target method, and wherein the target method and the hook code are executed within a managed code environment. A compiled version of the target method and a compiled version of the hook code are located in memory, where the compiled versions of the target method and the hook code are compiled in native code. Then, the compiled version of the target method is modified to direct execution of at least a portion of the compiled version of the target method to the compiled version of the hook code. The non-compiled version of the target method may be originally stored as bytecode. The managed code environment may comprise a managed .NET environment.

Abstract: A computer implemented method for preventing SQL injection attacks comprises intercepting a web request associated with a web service at a first software hook in a first web service execution context, persisting at least a portion of the intercepted web request in a storage location associated with the first software hook and accessible to at least one additional execution context, intercepting a database query generated by at least one web service processing operation at a second software hook associated with the execution of the query, wherein the query is generated in response to the intercepted web request and the second hook retrieves the persisted portion of the intercepted web request, comparing a portion of the persisted portion of the intercepted web request with at least a portion of the intercepted database query, and determining, prior to the query being executed, whether the query corresponds to a potential SQL injection attack.