Malware News
15.1K subscribers
1.63K photos
7 videos
130 files
7.97K links
The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ...

Partner channel: @cveNotify

For ads: https://telega.io/c/malwr
Download Telegram
Process Injection DInvoke
๐Ÿ—ฃdmchell


๐ŸŽ–@malwr
Bypassing Symantec Endpoint Protection for Fun & Profit!
๐Ÿ—ฃinput0

This is fun, but missing some details.

1. Version of Symantec Endpoint Protection tested is not listed. SEP14.3 came out a couple weeks ago and adds new capabilities including AMSI (finally).
1. Test was conducted on Windows 2012R2. Yes, Windows 2012R2 is still widespread in production and under support, however Windows 10/2016 have enhancements that make dumping credentials much more difficult (LSAS virtualization in Virtualization Bases Security).

Without this information, this blog really is "I walked through an intentionally vulnerable pen testing lab scenario", vs. "here is a demonstration that you should do something and actionable guidance on what you should do". (IE, you should upgrade your fleet to 2016/10, etc).
๐Ÿ‘คR-EDDIT


๐ŸŽ–@malwr
House of Io โ€“ Bypassing Safe-Linking and attacking Glibc's tcache
๐Ÿ—ฃeyalitki

Very interesting! I remember noticing the same thing about the first chunk but didnโ€™t think much about. Good work getting a new exploit type out of the mitigationโ€™s.
๐Ÿ‘คmdulin2

In a classic "Thank you /r/netsec" /u/awarau888 and I were able to develop their initial attack variant that was posted here a few days ago, into a working bypass.
๐Ÿ‘คeyalitki


๐ŸŽ–@malwr