A forum for reverse engineering, OS internals and malware analysis 

Search found 10 matches

Re: damagelab.org - the end of story?

 by flir ¦  Thu Jul 21, 2016 7:55 am ¦  Forum: General Discussion ¦  Topic: damagelab.org - the end of story? ¦  Replies: 3 ¦  Views: 11520

ballz. Good job guy :roll:
As you said, concern is if it will be public or not :/

Re: Symantec Datacenter Security - DSC - IPS kernel driver

 by flir ¦  Thu Jul 21, 2016 7:26 am ¦  Forum: Newbie Questions ¦  Topic: Symantec Datacenter Security - DSC - IPS kernel driver ¦  Replies: 8 ¦  Views: 12506

Hi Vrtule, My apologies for the late reply, I have been in the process of moving house and had no interwebs. Thank you for the explanation! You pretty much hit the nail on the head with what I was seeking...I found my answer. So I really appreciate your insight into this topic, it has been very infor...

Re: UACMe - Defeating Windows User Account Control

 by flir ¦  Thu Jul 21, 2016 7:14 am ¦  Forum: Tools/Software ¦  Topic: UACMe - Defeating Windows User Account Control ¦  Replies: 136 ¦  Views: 444088

Thanks EP_X0FF, this is very informative, cheers! Appreciate all the efforts into research, analysis and development in these flaws and for UACMe. I've enjoyed all your discoveries over time! Keep up the good work and stay active! You're a great asset to the community.

Re: Symantec Datacenter Security - DSC - IPS kernel driver

 by flir ¦  Sat Jun 25, 2016 4:11 am ¦  Forum: Newbie Questions ¦  Topic: Symantec Datacenter Security - DSC - IPS kernel driver ¦  Replies: 8 ¦  Views: 12506

Thanks Vrtule! Your input and EP_X0FF has been more than I can find anywhere. I do appreciate it. Symantec haven't really provided insight. Sorry to sound like a simpleton - Can a device driver (like Symantec DCS IPS) intercept and stop other device driver (rootkits) from accessing/executing in the...

Re: Symantec Datacenter Security - DSC - IPS kernel driver

 by flir ¦  Thu Jun 23, 2016 1:14 am ¦  Forum: Newbie Questions ¦  Topic: Symantec Datacenter Security - DSC - IPS kernel driver ¦  Replies: 8 ¦  Views: 12506

Thanks Vrtule, appreciate the reply. Thinking about it, I don't think it uses ELAM... as it works cross platform from old w2k3 and Unix (which doesn't support ELAM), as ELAM wasn't introduced until Win8+. There is no documentation, nor will Symantec advise how the driver is loaded. I've asked them, i...

Re: Symantec Datacenter Security - DSC - IPS kernel driver

 by flir ¦  Wed Jun 22, 2016 11:31 am ¦  Forum: Newbie Questions ¦  Topic: Symantec Datacenter Security - DSC - IPS kernel driver ¦  Replies: 8 ¦  Views: 12506

Thanks for the prompt reply! I appreciate it. Sorry I could provide any more technical details. But the information you provided it. I'm kind of understanding out :) From link: ELAM drivers must be specially signed by Microsoft to ensure they are started by the Windows kernel early in the boot proces...

Symantec Datacenter Security - DSC - IPS kernel driver

 by flir ¦  Wed Jun 22, 2016 6:59 am ¦  Forum: Newbie Questions ¦  Topic: Symantec Datacenter Security - DSC - IPS kernel driver ¦  Replies: 8 ¦  Views: 12506

Hi KM Krew, I am not really too informed about how kernel mode devices/drivers work - so yes, nub (so please forgive any retard mistakes, I will try to clarify if any confusion). But recently I came across a product Symantec DataCenter Security and some of the system prevention it enables. From gathering...

Re: [Poll] What is your home AV? (part II)

 by flir ¦  Thu Oct 29, 2015 8:14 am ¦  Forum: General Discussion ¦  Topic: [Poll] What is your home AV? (part II) ¦  Replies: 22 ¦  Views: 36957

Lightweight/Reliable.
v

Re: INCEPTION #3

 by flir ¦  Fri Oct 16, 2015 6:46 am ¦  Forum: General Discussion ¦  Topic: INCEPTION #3 ¦  Replies: 9 ¦  Views: 13981

Not related to vx but Rafale #19 is out, I wrote a few articles for them. 19.00 - Contents: September 2015 No. + Title ++++ Author -------------------------------------------------------------------------- 19.00 - Contents & Introduction & Disclaimer ---- Rafale 19.01 - BEEWi: Bluetooth App Reversin...

Re: Moker APT

 by flir ¦  Thu Oct 08, 2015 7:34 am ¦  Forum: Malware ¦  Topic: Moker APT ¦  Replies: 9 ¦  Views: 11027