Abstract: Techniques for reducing network bandwidth for remote content display include storing, in a buffer, by a first client device of a plurality of client devices participating in a co-editing session, a plurality of cursor coordinates of a cursor displayed on a display of the first client device. The plurality of cursor coordinates are stored in the buffer during a throttle time period. Responsive to a determination that the throttle time period has elapsed, the first client device obtains from the buffer and transmits the plurality of cursor coordinates in a data packet. Receipt of the plurality of cursor coordinates enables a representation of the cursor to be displayed on displays of each of the plurality of client devices other than the first client device based at least in part on the plurality of cursor coordinates.

Abstract: Techniques for reducing network bandwidth for remote content display include storing, in a buffer, by a first client device of a plurality of client devices participating in a co-editing session, a plurality of cursor coordinates of a cursor displayed on a display of the first client device. The plurality of cursor coordinates are stored in the buffer during a throttle time period. Responsive to a determination that the throttle time period has elapsed, the first client device obtains from the buffer and transmits the plurality of cursor coordinates in a data packet. Receipt of the plurality of cursor coordinates enables a representation of the cursor to be displayed on displays of each of the plurality of client devices other than the first client device based at least in part on the plurality of cursor coordinates.

Abstract: Apparatus, systems, methods, and articles of manufacture for fingerprinting and classifying application behaviors using telemetry are disclosed. An example apparatus includes a trace processor to process events in a processor trace to capture application execution behavior; a fingerprint extractor to extract a first fingerprint from the captured application execution behavior and performance monitor information; a fingerprint clusterer to, in a training mode cluster the first fingerprint and the second fingerprint into a cluster of fingerprints to be stored in a fingerprint database with a classification; and a fingerprint classifier to, in a deployed mode, classify a third fingerprint, the fingerprint classifier to trigger a remedial action when the classification is malicious.

Abstract: Various embodiments of systems and methods are described herein for executing software programs deployed in a distributed network. The enterprise application specific to a geographical jurisdiction may request for the software programs deployed in the distributed network to execute a specific business process. The enterprise application sends a service request to the distributed network for completion of a business process specific to the given jurisdiction. An application executing in the distributed network receives such service requests from multiple enterprise applications. The application retrieves the appropriate software program(s) deployed in the distributed network and generates the localization software program based on the received service request. Execution of the localization software program facilitates completion of the requested business process by generating reports specific to the given jurisdiction.

Abstract: Apparatus, systems, methods, and articles of manufacture for fingerprinting and classifying application behaviors using telemetry are disclosed. An example apparatus includes a trace processor to process events in a processor trace to capture application execution behavior; a fingerprint extractor to extract a first fingerprint from the captured application execution behavior and performance monitor information; a fingerprint clusterer to, in a training mode cluster the first fingerprint and the second fingerprint into a cluster of fingerprints to be stored in a fingerprint database with a classification; and a fingerprint classifier to, in a deployed mode, classify a third fingerprint, the fingerprint classifier to trigger a remedial action when the classification is malicious.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed that analyze computer system attack mechanisms. An example apparatus includes a graph generator utilizing a natural language processing model to generate a graph based on a publication, an analyzer to: analyze two or more nodes in the graph by identifying respective attributes of the two or more nodes in the graph, and provide an indication of the two or more nodes that include similar respective attributes, a variation generator to generate an attack mechanism based on the indication, and a weight postulator to obtain the generated attack mechanism and, based on (A) the two or more nodes in the graph and (B) the generated attack mechanism, indicate a weight associated with a severity of the generated attack mechanism.

Abstract: Systems and methods are provided in example embodiments for mitigating malicious calls. The system can be configured to receive a function call, determine the location of a memory page that initiated the function call, determine if the memory page is associated with a trusted module, and block the function call if the memory page is not associated with the trusted module. In addition, the system can determine the return address for the function call and block the function call if the return address does not belong to the trusted module. Further, the system can determine a parameter for the function call, determine if the parameter is a known parameter used by the process that called the function, and block the function call if the parameter is not the known parameter used by the process that called the function.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to execute an application in a system with an operating system, perform event tracing for the application, analyze each instruction pointer from the event tracing, and determine if an instruction pointer points to an orphan page of memory. The orphan page can be a region of code that is not associated with the application, a region of code that is unidentified, or unusual code that is not associated with the application. In addition, the event tracing can be an embedded application that is part of the operating system.

Abstract: Systems and methods are provided in example embodiments for mitigating malicious calls. The system can be configured to receive a function call, determine the location of a memory page that initiated the function call, determine if the memory page is associated with a trusted module, and block the function call if the memory page is not associated with the trusted module. In addition, the system can determine the return address for the function call and block the function call if the return address does not belong to the trusted module. Further, the system can determine a parameter for the function call, determine if the parameter is a known parameter used by the process that called the function, and block the function call if the parameter is not the known parameter used by the process that called the function.

Abstract: Systems and methods are provided in example embodiments for mitigating malicious calls. The system can be configured to receive a function call, determine the location of a memory page that initiated the function call, determine if the memory page is associated with a trusted module, and block the function call if the memory page is not associated with the trusted module. In addition, the system can determine the return address for the function call and block the function call if the return address does not belong to the trusted module. Further, the system can determine a parameter for the function call, determine if the parameter is a known parameter used by the process that called the function, and block the function call if the parameter is not the known parameter used by the process that called the function.

Abstract: Various embodiments of systems and methods are described herein for executing software programs deployed in a distributed network. The enterprise application specific to a geographical jurisdiction may request for the software programs deployed in the distributed network to execute a specific business process. The enterprise application sends a service request to the distributed network for completion of a business process specific to the given jurisdiction. An application executing in the distributed network receives such service requests from multiple enterprise applications. The application retrieves the appropriate software program(s) deployed in the distributed network and generates the localization software program based on the received service request. Execution of the localization software program facilitates completion of the requested business process by generating reports specific to the given jurisdiction.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to execute an application in a system with an operating system, perform event tracing for the application, analyze each instruction pointer from the event tracing, and determine if an instruction pointer points to an orphan page of memory. The orphan page can be a region of code that is not associated with the application, a region of code that is unidentified, or unusual code that is not associated with the application. In addition, the event tracing can be an embedded application that is part of the operating system.

Abstract: A software sample is identified that includes code and a control flow graph is generated for each of a plurality of functions included in the sample. Features are identified in each of the functions that correspond to instances of a set of control flow fragment types. A feature set is generated for the sample from the identified features.

Abstract: Systems and methods are provided in example embodiments for mitigating malicious calls. The system can be configured to receive a function call, determine the location of a memory page that initiated the function call, determine if the memory page is associated with a trusted module, and block the function call if the memory page is not associated with the trusted module. In addition, the system can determine the return address for the function call and block the function call if the return address does not belong to the trusted module. Further, the system can determine a parameter for the function call, determine if the parameter is a known parameter used by the process that called the function, and block the function call if the parameter is not the known parameter used by the process that called the function.

Abstract: A software sample is identified that includes code and a control flow graph is generated for each of a plurality of functions included in the sample. Features are identified in each of the functions that correspond to instances of a set of control flow fragment types. A feature set is generated for the sample from the identified features.

Abstract: A system, method, and computer program product are provided for redirecting internet relay chat (IRC) traffic identified utilizing a port-independent algorithm and controlling IRC based malware. In use, IRC traffic communicated via a network is identified utilizing a port-independent algorithm. Furthermore, the IRC traffic is redirected to a honeypot.

Abstract: A system, method, and computer program product are provided for detecting hidden or modified data objects. In use, a first set of data objects stored in a device is enumerated, where the enumeration of the first set of data objects is performed within an operating system of the device. Additionally, a second set of data objects stored in the device is enumerated, where the enumeration of the second set of data objects is performed outside of the operating system of the device. Further, the first set of data objects and the second set of data objects are compared for identifying hidden or modified data objects.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for detecting obfuscated malware.

Abstract: A rootkit scanning system, method, and computer program product are provided. In use, at least one hook is traversed. Further, code is identified based on the traversal of the at least one hook. In addition, the code is scanned for at least one rootkit.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for detecting obfuscated malware.