KAV TEST Part 1

First part, based on behaviour. NB: "Accès refusé" on the screenshots means "Access denied". 1) Execution protection: a) with the Task Manager launched via Ctrl+Alt+Del: F1/F2; b) with srip32 launched by explorer.exe: F1/F2; c) with shellcode for running notepad.exe:...

ENDPOINT AND DATA THEFT TEST

These tests concern endpoint threats: with the success of USB keys, iPods and other removable media, this is an excellent attack and infection vector. Tests a, b and c are simple demos which dump the content of the My Documents folder and of files of a given type (Slurp). Other...

ROOTKIT TESTS B

B) Classical ("hiders"/intrusion/hacker tools), malware/automated and demo rootkits: 1) Hiding a process with Trojan.Constructor.Uniskit.H (BitDefender name): a) detection: P1/P2. By ProcessWalker: b) prevention: P1/P2. Service/driver installation is detected. But...

STEALTH KEYLOGGERS TEST

C) Stealth keyloggers: only detection is concerned here, since these commercial programs need to be installed first with administrator privileges. Some keyloggers hide their own folders (not seen in the Program Files folder). The results are often: F1: fail...

ROOTKIT TEST PART A

Rootkit prevention and detection. A) Detection and prevention protection: for prevention (service/driver installation, physical memory access) see also Part 1 (behaviour tests). Here we use the Agony rootkit to hide a file, a registry key and an active process. We...

OTHER MALWARES Part 11

-Backdoor Aladino: P1/P2
-Backdoor Clindestine.152.a: P1/P2 (Symantec? never heard of that...)
-Backdoor.Yuri (DrWeb and Panda have the more appropriate name): P1/P2. The "disable Task Manager" option chosen for the server is easily detected and blocked:
-Backdoor...

OTHER MALWARES Part 5

-Bdoor backdoor: P1/P2
-Hanuman Backdoor: F1/P2. This backdoor does not try to become persistent by writing the Run key (hence F1):
-HKShell backdoor: P1/P2
-ICMPDoor backdoor: P1/P2. NB: ICMP is considered a "poor protocol", but it is certainly one of the most...
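The two behaviours scored above, a server that registers itself under a Run key to survive reboot (Part 5) and one that sets the "disable Task Manager" policy (Part 11), both leave a registry trace that can be audited without any vendor tool. The script below is an added example, not code from the original blog or from any of the samples it tests; the function names are my own and the "suspicious path" heuristic is an assumption that will produce false positives for legitimate software that autostarts from AppData.

```powershell
# Added example (not from the original blog). Audits the autostart keys a
# backdoor writes to become persistent, and the policy value that hides the
# Task Manager. Function names are hypothetical; run in an elevated shell
# so the HKLM hives are readable.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Bookkeeping properties that Get-ItemProperty adds to every result
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-RunKeyEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($metaProps -contains $prop.Name) { continue }
            [pscustomobject]@{
                Key     = $key
                Name    = $prop.Name
                Command = $prop.Value
                # Heuristic (assumption): commands launched from user-writable
                # locations deserve a look. Expect false positives.
                Suspicious = [bool]($prop.Value -match '\\(Temp|AppData|Users\\Public|ProgramData)\\')
            }
        }
    }
}

function Test-TaskManagerDisabled {
    # DisableTaskMgr = 1 under either policy key hides Ctrl+Alt+Del > Task Manager
    $policyKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    foreach ($key in $policyKeys) {
        $v = Get-ItemProperty -Path $key -Name DisableTaskMgr -ErrorAction SilentlyContinue
        if ($v -and $v.DisableTaskMgr -eq 1) { return $key }
    }
    return $null
}

Get-RunKeyEntries | Sort-Object Suspicious -Descending | Format-Table -AutoSize

$hit = Test-TaskManagerDisabled
if ($hit) { Write-Warning "DisableTaskMgr=1 is set under $hit" }
else      { 'Task Manager is not disabled by policy' }
```

Run it once on a clean machine to baseline the Run entries, then again after installing a sample: a new entry, or a DisableTaskMgr value that was previously absent, is exactly what the F1/P1 scoring above refers to. The script only covers the Run/RunOnce keys and the policy value named on this page; services, scheduled tasks and Winlogon shell values are further persistence locations it does not enumerate.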

OTHER MALWARES Part 7

In parts 7 and 8 we illustrate trojan spies and trojan bankers, a kind of Brazilian speciality... People who usually surf on .br or .por domains should take a look at this site, where a helpful forum and a specific tool are dedicated to the eradication...

OTHER MALWARES Part 10

-Trojan Downloader Small.dam: P1/P2
-Trojan Obfuscated.ev: P1/P2
-Trojan Spy Lmir.bgk: P1/P2
-Trojan Spy Mara.bo: P1/P2
-Trojan Spy Small.bs: P1/P2. Here again system-process naming is used: svchost is a generic process associated with many services...
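Because a genuine svchost.exe always runs from %SystemRoot%\System32 and exists only to host services, a sample that borrows the name can be told apart by checking those two properties for every process called svchost.exe. The script below is an added example, not code from the original blog or from the sample named above; the function name is my own, and the "no hosted services" test is an assumption that may flag a real svchost instance whose services have just stopped.

```powershell
# Added example (not from the original blog). Lists every process named
# svchost.exe with its image path and the services it hosts, and flags the
# ones that fail the two checks a real svchost passes. Function name is
# hypothetical. Run elevated: without admin rights ExecutablePath comes back
# empty for system processes and they would all be flagged.

function Get-SvchostAudit {
    $real = Join-Path $env:SystemRoot 'System32\svchost.exe'

    # Running services, keyed later by the PID that hosts them
    $services = Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 }

    foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'") {
        $hosted = ($services | Where-Object ProcessId -eq $p.ProcessId).Name -join ', '
        [pscustomobject]@{
            PID       = $p.ProcessId
            ParentPID = $p.ParentProcessId
            Path      = $p.ExecutablePath
            Services  = $hosted
            # Check 1: image is the real binary (comparison is case-insensitive)
            # Check 2: it actually hosts at least one service
            Suspicious = ($p.ExecutablePath -ne $real) -or [string]::IsNullOrEmpty($hosted)
        }
    }
}

Get-SvchostAudit | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

An impostor usually fails the path check (it lives in a temp or user folder, or is named svchost.exe in a directory other than System32) and always fails the service check, since it is not started by the Service Control Manager. The ParentPID column is there for the same reason: real instances are children of services.exe, so a svchost.exe whose parent is explorer.exe or a browser deserves a closer look.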

OTHER MALWARES Part 9

-Trojan Spy QQPass.rq: P1/P2
-Trojan Spy Bancos.tl: P1/P2
-Trojan Spy Bancos.yt: P1/P2
-Trojan Spy Banker.axc: P1/P2
-Trojan Spy Banker.ccc: P1/P2
-Trojan Spy PdPinch.gen: P1/P2
-Trojan Spy Banbra: P1/P2
-Backdoor Delf.ag: P1/P2
-Backdoor Shadows (detected...
