KernelMode.info

Is this Webroot SecureAnywhere supposed to do the same things that Rapport is doing (or should do)? Yes, except I think Webroot SecureAnywhere state they use different methods to Rapport, and often imply that they are superior. Other software that specifically make claim to having such protection m...

Looks like an interesting trojan. I'd also like to have the sample if you're willing to share it. Thanks.

How do you want to prevent/block if you don't know what is it, how does it work and what it exploits? By denying everything? Becoming a slave of "security" trashware is not the option for everyone. Many zero-day exploits can be easily mitigated by utilising a variety of programs, some of them free....

However, I was wondering if there was any (third-party) security mechanism/program that would always block zero-day threats like this. This is impossible. Even if someone is claiming that it will prevent/block any zero-day it's just a statement of fraud. Surely you mean zero-day kernel exploit?

http://www.securelist.com/en/blog/208193243/The_Duqu_Saga_Continues_Enter_Mr_B_Jason_and_TVs_Dexter Would any (third-party) security mechanism block this? Deny access to T2EMBED.DLL http://technet.microsoft.com/en-us/security/advisory/2639658 See Suggested Actions, Workarounds. Duqu is a directed a...

http://www.securelist.com/en/blog/20819 ... TVs_Dexter

Would any (third-party) security mechanism block this?

Sorry, but I don't know what that means. It's probably easier if someone could directly upload and attach a working live malware that uses this technique. Otherwise, don't worry about it, and thanks for trying.

Any live samples please?

I have a POC which opens "cmd.exe" and "regedit.exe" within the memory of Microsoft Office. Anyone have malicious malware samples of this (or similar)?

Some information here:
http://ssj100.fullsubject.com/t319-exce ... sting#2640

Anyone got the POC demonstrated in this video?

http://www.offensive-security.com/offse ... explorer-c

Thanks.