Search found 61 matches

by ssj100
Sat Dec 10, 2011 2:06 am
Forum: Tools/Software
Topic: Trusteer Rapport is really secure?
Replies: 12
Views: 20213

Re: Trusteer Rapport is really secure?

Is this Webroot SecureAnywhere supposed to do the same things that Rapport is doing (or should do)? Yes, except I think Webroot SecureAnywhere state they use different methods to Rapport, and often imply that they are superior. Other software that specifically make claim to having such protection m...

by ssj100
Fri Dec 09, 2011 8:05 pm
Forum: Tools/Software
Topic: Trusteer Rapport is really secure?
Replies: 12
Views: 20213

Re: Trusteer Rapport is really secure?

Looks like an interesting trojan. I'd also like to have the sample if you're willing to share it. Thanks.

by ssj100
Thu Dec 08, 2011 7:45 am
Forum: Malware
Topic: W32.Duqu
Replies: 55
Views: 55357

Re: W32.Duqu

How do you want to prevent/block if you don't know what is it, how does it work and what it exploits? By denying everything? Becoming a slave of "security" trashware is not the option for everyone. Many zero-day exploits can be easily mitigated by utilising a variety of programs, some of them free....

by ssj100
Thu Dec 08, 2011 6:33 am
Forum: Malware
Topic: W32.Duqu
Replies: 55
Views: 55357

Re: W32.Duqu

However, I was wondering if there was any (third-party) security mechanism/program that would always block zero-day threats like this. This is impossible. Even if someone is claiming that it will prevent/block any zero-day it's just a statement of fraud. Surely you mean zero-day kernel exploit?

by ssj100
Thu Dec 08, 2011 6:15 am
Forum: Malware
Topic: W32.Duqu
Replies: 55
Views: 55357

Re: W32.Duqu

http://www.securelist.com/en/blog/208193243/The_Duqu_Saga_Continues_Enter_Mr_B_Jason_and_TVs_Dexter Would any (third-party) security mechanism block this? Deny access to T2EMBED.DLL http://technet.microsoft.com/en-us/security/advisory/2639658 See Suggested Actions, Workarounds. Duqu is a directed a...

by ssj100
Thu Dec 08, 2011 6:00 am
Forum: Malware
Topic: W32.Duqu
Replies: 55
Views: 55357

Re: W32.Duqu

http://www.securelist.com/en/blog/20819 ... TVs_Dexter

Would any (third-party) security mechanism block this?

by ssj100
Wed Dec 29, 2010 10:35 am
Forum: General Discussion
Topic: Malware running in memory of trusted process
Replies: 5
Views: 3715

Re: Request: Malware running in memory of trusted process

Sorry, but I don't know what that means. It's probably easier if someone could directly upload and attach a working live malware that uses this technique. Otherwise, don't worry about it, and thanks for trying.

by ssj100
Wed Dec 29, 2010 7:20 am
Forum: General Discussion
Topic: Malware running in memory of trusted process
Replies: 5
Views: 3715

Re: Request: Malware running in memory of trusted process

Any live samples please?

by ssj100
Wed Dec 29, 2010 1:57 am
Forum: General Discussion
Topic: Malware running in memory of trusted process
Replies: 5
Views: 3715

Malware running in memory of trusted process

I have a POC which opens "cmd.exe" and "regedit.exe" within the memory of Microsoft Office. Anyone have malicious malware samples of this (or similar)?

Some information here:
http://ssj100.fullsubject.com/t319-exce ... sting#2640

by ssj100
Thu Dec 23, 2010 8:17 pm
Forum: Completed Malware Requests
Topic: Malware Requests
Replies: 97
Views: 119943

New IE zero-day POC request

Anyone got the POC demonstrated in this video?

http://www.offensive-security.com/offse ... explorer-c

Thanks.