Search found 3 matches

by KiFastCallEntry
Wed May 21, 2014 5:13 am
Forum: Tools/Software
Topic: [2017-11-05]ARK for Windows X64: WIN64AST(Page10#96)
Replies: 98
Views: 338077

Re: [2014-02-22]ARK for Windows x64: WIN64AST(Page7#65)

hey m5home, amazing project, i`d like to sugest you to change internet/firewall and add a feature to block a process id from accessing an specific remote port, that would be very useful, at least for me
by KiFastCallEntry
Tue Mar 04, 2014 10:02 pm
Forum: Malware
Topic: WinNT/Turla (WinNT/Pfinet, Uroburos rootkit)
Replies: 66
Views: 253827

Re: WinNT/Turla (WinNT/Pfinet, Uroburos rootkit)

great analysis guys,

patchguard does not detect this kind of hook?
by KiFastCallEntry
Wed Feb 26, 2014 2:10 pm
Forum: User-Mode Development
Topic: AV SP Discussion & Bypass
Replies: 121
Views: 215740

Re: AV SP Discussion & Bypass

nice work 0x16/7ton, some lock tricks you discovered are not working anymore, I just get pissed off when I don't know how they protected from the tricks, some AVs do not use any kind of FS driver filter, so I dont really get how they do it