Darien Kindlund - Fletch | LinkedIn (original) (raw)
About
Darien Kindlund is a veteran security principal, who has developed multiple tactical and…
Activity
2K followers
Experience & Education
Fletch
View Darien’s full experience
See their title, tenure and more.
Publications
Patents
Issued April 5, 2022 US 11297074
According to one embodiment, an apparatus comprises a processor and memory. Communicatively coupled to the processor, the memory includes a detection module that, when executed, conducts an analysis of a received object to determine if the received object is associated with a malicious attack. The detection module is configurable, and thus, certain capabilities can be enabled, disabled or modified. The analysis is to be altered upon receipt of a configuration file that includes information to…
According to one embodiment, an apparatus comprises a processor and memory. Communicatively coupled to the processor, the memory includes a detection module that, when executed, conducts an analysis of a received object to determine if the received object is associated with a malicious attack. The detection module is configurable, and thus, certain capabilities can be enabled, disabled or modified. The analysis is to be altered upon receipt of a configuration file that includes information to alter one or more rules controlling the analysis conducted by the detection module.
Other inventors
Issued November 24, 2020 US 10848521
Techniques for detecting malicious content using simulated user interactions are described herein. In one embodiment, a monitoring module monitors activities of a malicious content suspect executed within a sandboxed operating environment. In response to detection of a predetermined event triggered by the malicious content suspect requesting a user action on a graphical user interface (GUI) presented by the malicious content suspect, simulating, a user interaction module simulates a user…
Techniques for detecting malicious content using simulated user interactions are described herein. In one embodiment, a monitoring module monitors activities of a malicious content suspect executed within a sandboxed operating environment. In response to detection of a predetermined event triggered by the malicious content suspect requesting a user action on a graphical user interface (GUI) presented by the malicious content suspect, simulating, a user interaction module simulates a user interaction with the GUI without user intervention. An analysis module analyzes activities of the malicious content suspect in response to the simulated user interaction to determine whether the malicious content suspect should be declared as malicious.
Other inventors
Issued November 11, 2019 US 10467414
Techniques for detecting exfiltration content are described herein. According to one embodiment, a malicious content suspect is executed and a packet inspection of outbound network traffic is performed by a packet inspector running within the virtual machine. Occurring before the outbound network traffic leaving the virtual machine, the packet inspector determines whether a portion of outbound network traffic matches one or more portions of predetermined network traffic patterns or signatures…
Techniques for detecting exfiltration content are described herein. According to one embodiment, a malicious content suspect is executed and a packet inspection of outbound network traffic is performed by a packet inspector running within the virtual machine. Occurring before the outbound network traffic leaving the virtual machine, the packet inspector determines whether a portion of outbound network traffic matches one or more portions of predetermined network traffic patterns or signatures. If so, a determination is made whether the outbound network traffic includes at least one environmental property of the virtual machine that is unique or almost unique to the virtual machine. If so, migration of the outbound network traffic outside of the virtual machine is precluded and an alert is transmitted. The alert includes the malicious content suspect that is attempting to perform an exfiltration of data.
Other inventors
Issued July 2, 2019 US 10335738B1
According to one embodiment, a system comprises one or more counters; comparison logic; and one or more hardware processors communicatively coupled to the one or more counters and the comparison logic. The one or more hardware processors are configured to instantiate one or more virtual machines that are adapted to analyze received content, where the one or more virtual machines are configured to monitor a delay caused by one or more events conducted during processing of the content and…
According to one embodiment, a system comprises one or more counters; comparison logic; and one or more hardware processors communicatively coupled to the one or more counters and the comparison logic. The one or more hardware processors are configured to instantiate one or more virtual machines that are adapted to analyze received content, where the one or more virtual machines are configured to monitor a delay caused by one or more events conducted during processing of the content and identify the content as including malware if the delay exceed a first time period.
Other inventors
-
See patent System and method for detecting malicious activity based on at least one environmental property
Issued April 3, 2018 US 9934381
Techniques for detecting exfiltration content are described herein. According to one embodiment, a malicious content suspect is executed and a packet inspection of outbound network traffic is performed by a packet inspector running within the virtual machine. Occurring before the outbound network traffic leaving the virtual machine, the packet inspector determines whether a portion of outbound network traffic matches one or more portions of predetermined network traffic patterns or signatures…
Techniques for detecting exfiltration content are described herein. According to one embodiment, a malicious content suspect is executed and a packet inspection of outbound network traffic is performed by a packet inspector running within the virtual machine. Occurring before the outbound network traffic leaving the virtual machine, the packet inspector determines whether a portion of outbound network traffic matches one or more portions of predetermined network traffic patterns or signatures. If so, a determination is made whether the outbound network traffic includes at least one environmental property of the virtual machine that is unique or almost unique to the virtual machine. If so, migration of the outbound network traffic outside of the virtual machine is precluded and an alert is transmitted. The alert includes the malicious content suspect that is attempting to perform an exfiltration of data.
Other inventors
Issued March 6, 2018 US 9912698
Techniques for detecting malicious content using simulated user interactions are described herein. In one embodiment, a monitoring module monitors activities of a malicious content suspect executed within a sandboxed operating environment. In response to detection of a predetermined event triggered by the malicious content suspect requesting a user action on a graphical user interface (GUI) presented by the malicious content suspect, simulating, a user interaction module simulates a user…
Techniques for detecting malicious content using simulated user interactions are described herein. In one embodiment, a monitoring module monitors activities of a malicious content suspect executed within a sandboxed operating environment. In response to detection of a predetermined event triggered by the malicious content suspect requesting a user action on a graphical user interface (GUI) presented by the malicious content suspect, simulating, a user interaction module simulates a user interaction with the GUI without user intervention. An analysis module analyzes activities of the malicious content suspect in response to the simulated user interaction to determine whether the malicious content suspect should be declared as malicious.
Other inventors
Issued February 7, 2017 US 9565202
Techniques for detecting exfiltration content are described herein. According to one embodiment, a malicious content suspect is executed within a virtual machine that simulates a target operating environment associated with the malicious content suspect. A packet inspection is performed on outbound network traffic initiated by the malicious content suspect to determine whether the outbound network traffic matches a predetermined network traffic pattern. An alert is generated indicating that the…
Techniques for detecting exfiltration content are described herein. According to one embodiment, a malicious content suspect is executed within a virtual machine that simulates a target operating environment associated with the malicious content suspect. A packet inspection is performed on outbound network traffic initiated by the malicious content suspect to determine whether the outbound network traffic matches a predetermined network traffic pattern. An alert is generated indicating that the malicious content suspect should be declared as malicious, in response to determining that the outbound network traffic matches the predetermined network traffic pattern.
Other inventors
Issued January 3, 2017 US 9536091
According to one embodiment, a system comprises one or more counters; comparison logic; and one or more hardware processors communicatively coupled to the one or more counters and the comparison logic. The one or more hardware processors are configured to instantiate one or more virtual machines that are adapted to analyze received content, where the one or more virtual machines are configured to monitor a delay caused by one or more events conducted during processing of the content and…
According to one embodiment, a system comprises one or more counters; comparison logic; and one or more hardware processors communicatively coupled to the one or more counters and the comparison logic. The one or more hardware processors are configured to instantiate one or more virtual machines that are adapted to analyze received content, where the one or more virtual machines are configured to monitor a delay caused by one or more events conducted during processing of the content and identify the content as including malware if the delay exceed a first time period.
Other inventors
Issued August 11, 2015 US 9104867
Techniques for detecting malicious content using simulated user interactions are described herein. In one embodiment, a monitoring module monitors activities of a malicious content suspect executed within a sandboxed operating environment. In response to detection of a predetermined event triggered by the malicious content suspect requesting a user action on a graphical user interface (GUI) presented by the malicious content suspect, simulating, a user interaction module simulates a user…
Techniques for detecting malicious content using simulated user interactions are described herein. In one embodiment, a monitoring module monitors activities of a malicious content suspect executed within a sandboxed operating environment. In response to detection of a predetermined event triggered by the malicious content suspect requesting a user action on a graphical user interface (GUI) presented by the malicious content suspect, simulating, a user interaction module simulates a user interaction with the GUI without user intervention. An analysis module analyzes activities of the malicious content suspect in response to the simulated user interaction to determine whether the malicious content suspect should be declared as malicious.
Other inventors
Issued March 31, 2014 US 9223972
According to one embodiment, an apparatus comprises a processor and memory. Communicatively coupled to the processor, the memory comprises one or more detection modules each being software that is configurable to enable, disable or modify capabilities for that corresponding detection module. A first detection module the detection modules, when executed by the processor, conducts a first capability including an analysis of a received object to determine if the received object is associated with…
According to one embodiment, an apparatus comprises a processor and memory. Communicatively coupled to the processor, the memory comprises one or more detection modules each being software that is configurable to enable, disable or modify capabilities for that corresponding detection module. A first detection module the detection modules, when executed by the processor, conducts a first capability including an analysis of a received object to determine if the received object is associated with a malicious attack. The analysis may be altered upon receipt of a configuration file that is substantially lesser in size than the software forming the first detection module and includes information to alter one or more rules controlling the first capability.
Other inventors
Projects
Recommendations received
LinkedIn User
“In the short time that I've worked with Darien, I've come to realize that not only is he exceptional at what he does but possesses the rare trait of wanting to impart his knowledge upon others. He is always willing to help without hesitation and is an extremely valuable addition to any team.”
Other similar profiles
Explore top content on LinkedIn
Find curated posts and insights for relevant topics all in one place.