Search found 10 matches

by flir
Thu Jul 21, 2016 7:55 am
Forum: General Discussion
Topic: damagelab.org - the end of story?
Replies: 2
Views: 10207

Re: damagelab.org - the end of story?

ballz. Good job guy :roll:
As you said, concern is if it will be public or not :/
by flir
Thu Jul 21, 2016 7:26 am
Forum: Newbie Questions
Topic: Symantec Datacenter Security - DSC - IPS kernel driver
Replies: 8
Views: 12029

Re: Symantec Datacenter Security - DSC - IPS kernel driver

Hi Vrtule, My apologies for the late reply, I have been in the process of moving house and had no interwebs. Thank you for the explanation! You pretty much hit the nail on the head with what I was seeking...I found my answer. So I really appreciate your insight into this topic, it has been very infor...
by flir
Thu Jul 21, 2016 7:14 am
Forum: Tools/Software
Topic: UACMe - Defeating Windows User Account Control
Replies: 136
Views: 392770

Re: UACMe - Defeating Windows User Account Control

Thanks EP_XOFF, this is very informative, cheers! Appreciate all the efforts into research, analysis and development in these flaws and for UACme. I've enjoyed all your discoveries over time! Keep up the good work and stay active! You're a great asset to the community.
by flir
Sat Jun 25, 2016 4:11 am
Forum: Newbie Questions
Topic: Symantec Datacenter Security - DSC - IPS kernel driver
Replies: 8
Views: 12029

Re: Symantec Datacenter Security - DSC - IPS kernel driver

Thanks Vrtule! Your input and EP_X0FF's has been more than I can find anywhere. I do appreciate it. Symantec haven't really provided insight. Sorry to sound like a simpleton - Can a device driver (like Symantec DCS IPS) intercept and stop other device drivers (rootkits) from accessing/executing in the...
by flir
Thu Jun 23, 2016 1:14 am
Forum: Newbie Questions
Topic: Symantec Datacenter Security - DSC - IPS kernel driver
Replies: 8
Views: 12029

Re: Symantec Datacenter Security - DSC - IPS kernel driver

Thanks Vrtule, appreciate the reply. Thinking about it, I don't think it uses ELAM... as it works cross-platform from old w2k3 and Unix (which doesn't support ELAM), as ELAM wasn't introduced until Win8+. There is no documentation, nor will Symantec advise how the driver is loaded. I've asked them, i...
by flir
Wed Jun 22, 2016 11:31 am
Forum: Newbie Questions
Topic: Symantec Datacenter Security - DSC - IPS kernel driver
Replies: 8
Views: 12029

Re: Symantec Datacenter Security - DSC - IPS kernel driver

Thanks for the prompt reply! I appreciate it. Sorry I could provide any more technical details. But the information you provided it. I'm kind of understanding out :) from link: ELAM drivers must be specially signed by Microsoft to ensure they are started by the Windows kernel early in the boot proces...
by flir
Wed Jun 22, 2016 6:59 am
Forum: Newbie Questions
Topic: Symantec Datacenter Security - DSC - IPS kernel driver
Replies: 8
Views: 12029

Symantec Datacenter Security - DSC - IPS kernel driver

Hi KM Krew, I am not really too informed about how kernel mode devices/drivers work - So yes, nub (so please forgive any retard mistakes, I will try to clarify if any confusion). But recently I came across a product, Symantec DataCenter Security, and some of the system prevention it enables. From gathering...
by flir
Thu Oct 29, 2015 8:14 am
Forum: General Discussion
Topic: [Poll] What is your home AV? (part II)
Replies: 22
Views: 35614

Re: [Poll] What is your home AV? (part II)

Lightweight/Reliable.
v

by flir
Fri Oct 16, 2015 6:46 am
Forum: General Discussion
Topic: INCEPTION #3
Replies: 9
Views: 13364

Re: INCEPTION #3

Not related to vx but Rafale #19 is out, I wrote a few articles for them. 19.00 - Sommaire : Septembre 2015 Num + Titre ++++ Auteur -------------------------------------------------------------------------- 19.00 - Sommaire & Introduction & Disclaimer ---- Rafale 19.01 - BEEWi: Bluetooth App Reversin...
by flir
Thu Oct 08, 2015 7:34 am
Forum: Malware
Topic: Moker APT
Replies: 9
Views: 10296

Re: Moker APT