Search found 50 matches

by 0x16/7ton
Tue Oct 02, 2012 5:19 pm
Forum: Tools/Software
Topic: PoC Tool AVkill
Replies: 14
Views: 33067

Re: PoC Tool AVkill

yes I've read the article but unfortunately I didn't get that point. Anyway suppose we're trying to exploit a target machine and once established the connection we want to escalate privileges in order to conduct a more complete attack; in this case if the target machine is running an av will easily...
by 0x16/7ton
Tue Oct 02, 2012 4:56 pm
Forum: Tools/Software
Topic: PoC Tool AVkill
Replies: 14
Views: 33067

Re: PoC Tool AVkill

Thank you very much 0x16/7ton! I have one question for you: after establishing a connection with the target machine using a malicious payload, in order to kill the av process do I need to specify any PID or your script will just look for any av PIDs and kill them? mmmm?? you read article?) It is loc...
by 0x16/7ton
Tue Oct 02, 2012 3:32 pm
Forum: Tools/Software
Topic: PoC Tool AVkill
Replies: 14
Views: 33067

Re: PoC Tool AVkill

cool find! aside from killing these av's... can it be considered as new way of autoloading payload dlls? p.s. year ago I did kis2012 bypassing with autoclicker - he installed my own app as service via windows scripting without any beep from proactive defense. Of course it can, for example attack bro...
by 0x16/7ton
Tue Oct 02, 2012 10:56 am
Forum: Tools/Software
Topic: PoC Tool AVkill
Replies: 14
Views: 33067

PoC Tool AVkill

Hello all :) Now I show you some simple method, killing 32-bit process ... for example Kaspersky v13.0.1.4190 avp.exe :D First of all read this: http://technet.microsoft.com/en-us/library/dd837644%28v=ws.10%29.aspx Okay I am called this Shims engine attack :ugeek: Then download that ms toolkit: http:/...
by 0x16/7ton
Sat Sep 29, 2012 5:17 pm
Forum: User-Mode Development
Topic: AV SP Discussion & Bypass
Replies: 121
Views: 219960

Re: Kill kaspersky 2012 from user mode :)

Hello, Test complete. PoC working - Kaspersky v13.0.1.4190 with default settings successfully prevented from work (including service). All job done from user mode - Kaspersky doesn't pop up any warnings etc., all its hooks stay in place. GJ. Seems this method can be adopted for some malware usage. Thank...
by 0x16/7ton
Sat Sep 29, 2012 9:22 am
Forum: User-Mode Development
Topic: AV SP Discussion & Bypass
Replies: 121
Views: 219960

Re: Kill kaspersky 2012 from user mode :)

Enough please. I'm send poc EP_X0FF.
by 0x16/7ton
Fri Sep 28, 2012 6:56 am
Forum: User-Mode Development
Topic: AV SP Discussion & Bypass
Replies: 121
Views: 219960

Re: Kill kaspersky 2012 from user mode :)

EP_X0FF wrote: To the above method? How do you tested it?
Oh sorry, I have another method. If you need to know I can send you a private message in Russian )).
by 0x16/7ton
Thu Sep 27, 2012 5:36 pm
Forum: User-Mode Development
Topic: AV SP Discussion & Bypass
Replies: 121
Views: 219960

Re: Kill kaspersky 2012 from user mode :)

hmm.. Kaspersky 2013 still vulnerable :)
by 0x16/7ton
Thu Sep 27, 2012 5:09 pm
Forum: Kernel-Mode Development
Topic: "InstanceSetupCallback" never called by minifilter
Replies: 2
Views: 3212

Re: "InstanceSetupCallback" never called by minifilter

Maybe in the inf file you need to change to this
Instance1.Altitude = "265000"
Instance1.Flags = 0x0