Search found 267 matches

by kmd
Mon Oct 03, 2016 9:27 am
Forum: Tools/Software
Topic: DSEFix - Defeating x64 Driver Signature Enforcement
Replies: 39
Views: 156250

Re: DSEFix - Defeating x64 Driver Signature Enforcement

Hello, are you going to use capcom.sys for a similar loader?

by kmd
Sun Jun 19, 2016 12:26 pm
Forum: Malware
Topic: Taggant vs malware
Replies: 1
Views: 3207

Taggant vs malware

Hey,
http://standards.ieee.org/develop/indco ... aggant.pdf is it worth anything Vs. malware? Opinions?

by kmd
Thu Feb 11, 2016 5:55 am
Forum: Tools/Software
Topic: VBoxAntiVMDetectHardened mitigation X64 only
Replies: 249
Views: 1603554

Re: VBoxAntiVMDetectHardened mitigation X64 only (27/01/16)

is there any patch for 5.0.14 available? thanks!

by kmd
Wed Jan 20, 2016 9:55 am
Forum: Malware
Topic: ZeroAccess (alias MaxPlus, Sirefef)
Replies: 557
Views: 378869

Re: ZeroAccess (alias MaxPlus, Sirefef)

hi, why is the number of bots online so small?

by kmd
Fri Jun 19, 2015 2:32 pm
Forum: Tools/Software
Topic: UACMe - Defeating Windows User Account Control
Replies: 135
Views: 346389

Re: UACMe - Defeating Windows User Account Control

In addition, 10147 broke the ISecurityEditor->SetSecurity method. It now returns E_INVALID_ARG. It could be a change in method parameters or internal reworking. This means methods related to Simda are dead. Dead for a while (if it is possible to recover the new definition of the interface) or completely (if this change ...

by kmd
Tue Mar 31, 2015 3:05 pm
Forum: Tools/Software
Topic: UACMe - Defeating Windows User Account Control
Replies: 135
Views: 346389

Re: UACMe - Defeating Windows User Account Control

have you figured out why the gootkit method doesn't work on win10?

by kmd
Wed Jan 28, 2015 5:29 pm
Forum: Malware
Topic: Necurs - another x64 rootkit
Replies: 70
Views: 77968

Re: Necurs - another x64 rootkit

me again 8-) i plan to test this rootkit on x64 windows, should i take the latest win version or try on smth like windows 7?

by kmd
Wed Jan 28, 2015 5:27 pm
Forum: Reverse Engineering and Debugging
Topic: warthunder and windbg
Replies: 2
Views: 6239

Re: warthunder and windbg

yeah they have this check in all exe-s, maybe sort of shared framework, anyway simple patch of NtQuerySystemInformation did the job.

by kmd
Mon Jan 19, 2015 5:45 pm
Forum: Reverse Engineering and Debugging
Topic: warthunder and windbg
Replies: 2
Views: 6239

warthunder and windbg

hi guys, don't think it isn't advertising :D I tried warthunder (wot clone) and surprisingly it won't start if windbg is running. Neither the launcher nor the game itself. It started after i disabled debug mode. Only after this. The question: how does it detect it and how to bypass this, coz i really don't want to do ...

by kmd
Sun Jan 18, 2015 5:05 am
Forum: Malware
Topic: ZeroAccess and Windows 8.1
Replies: 5
Views: 2605

Re: ZeroAccess (alias MaxPlus, Sirefef)

sounds like you're advising to use windows 8.1 :D