A forum for reverse engineering, OS internals and malware analysis 


Re: Trusteer Rapport is really secure?

 by ssj100 ¦  Sat Dec 10, 2011 2:06 am ¦  Forum: Tools/Software ¦  Topic: Trusteer Rapport is really secure? ¦  Replies: 12 ¦  Views: 20459

Is this Webroot SecureAnywhere supposed to do the same things that Rapport is doing (or should do)? Yes, except I think Webroot SecureAnywhere state they use different methods to Rapport, and often imply that they are superior. Other software that specifically make claim to having such protection m...

Re: Trusteer Rapport is really secure?

 by ssj100 ¦  Fri Dec 09, 2011 8:05 pm ¦  Forum: Tools/Software ¦  Topic: Trusteer Rapport is really secure? ¦  Replies: 12 ¦  Views: 20459

Looks like an interesting trojan. I'd also like to have the sample if you're willing to share it. Thanks.

Re: W32.Duqu

 by ssj100 ¦  Thu Dec 08, 2011 7:45 am ¦  Forum: Malware ¦  Topic: W32.Duqu ¦  Replies: 55 ¦  Views: 56613

How do you want to prevent/block if you don't know what it is, how it works and what it exploits? By denying everything? Becoming a slave of "security" trashware is not the option for everyone. Many zero-day exploits can be easily mitigated by utilising a variety of programs, some of them free....

Re: W32.Duqu

 by ssj100 ¦  Thu Dec 08, 2011 6:33 am ¦  Forum: Malware ¦  Topic: W32.Duqu ¦  Replies: 55 ¦  Views: 56613

However, I was wondering if there was any (third-party) security mechanism/program that would always block zero-day threats like this. This is impossible. Even if someone is claiming that it will prevent/block any zero-day, it's just a statement of fraud. Surely you mean zero-day kernel exploit?

Re: W32.Duqu

 by ssj100 ¦  Thu Dec 08, 2011 6:15 am ¦  Forum: Malware ¦  Topic: W32.Duqu ¦  Replies: 55 ¦  Views: 56613

http://www.securelist.com/en/blog/208193243/The_Duqu_Saga_Continues_Enter_Mr_B_Jason_and_TVs_Dexter

Would any (third-party) security mechanism block this?

Deny access to T2EMBED.DLL
http://technet.microsoft.com/en-us/security/advisory/2639658
See Suggested Actions, Workarounds. Duqu is a directed a...

Re: W32.Duqu

 by ssj100 ¦  Thu Dec 08, 2011 6:00 am ¦  Forum: Malware ¦  Topic: W32.Duqu ¦  Replies: 55 ¦  Views: 56613

http://www.securelist.com/en/blog/20819 ... TVs_Dexter

Would any (third-party) security mechanism block this?

Re: Request: Malware running in memory of trusted process

 by ssj100 ¦  Wed Dec 29, 2010 10:35 am ¦  Forum: General Discussion ¦  Topic: Malware running in memory of trusted process ¦  Replies: 5 ¦  Views: 3844

Sorry, but I don't know what that means. It's probably easier if someone could directly upload and attach a working live malware that uses this technique. Otherwise, don't worry about it, and thanks for trying.

Re: Request: Malware running in memory of trusted process

 by ssj100 ¦  Wed Dec 29, 2010 7:20 am ¦  Forum: General Discussion ¦  Topic: Malware running in memory of trusted process ¦  Replies: 5 ¦  Views: 3844

Any live samples please?

Malware running in memory of trusted process

 by ssj100 ¦  Wed Dec 29, 2010 1:57 am ¦  Forum: General Discussion ¦  Topic: Malware running in memory of trusted process ¦  Replies: 5 ¦  Views: 3844

I have a POC which opens "cmd.exe" and "regedit.exe" within the memory of Microsoft Office. Anyone have malicious malware samples of this (or similar)?

Some information here:
http://ssj100.fullsubject.com/t319-exce ... sting#2640

New IE zero-day POC request

 by ssj100 ¦  Thu Dec 23, 2010 8:17 pm ¦  Forum: Completed Malware Requests ¦  Topic: Malware Requests ¦  Replies: 97 ¦  Views: 121254

Anyone got the POC demonstrated in this video?

http://www.offensive-security.com/offse ... explorer-c

Thanks.
