Malware News
15.1K subscribers
1.63K photos
7 videos
130 files
7.97K links
The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ...

Partner channel: @cveNotify

For ads: https://telega.io/c/malwr
Download Telegram
Process Injection DInvoke
πŸ—£dmchell


πŸŽ–@malwr
Bypassing Symantec Endpoint Protection for Fun & Profit!
πŸ—£input0

This is fun, but missing some details.

1. Version of Symantec Endpoint Protection tested is not listed. SEP14.3 came out a couple weeks ago and adds new capabilities including AMSI (finally).
1. Test was conducted on Windows 2012R2. Yes, Windows 2012R2 is still widespread in production and under support, however Windows 10/2016 have enhancements that make dumping credentials much more difficult (LSAS virtualization in Virtualization Bases Security).

Without this information, this blog really is "I walked through an intentionally vulnerable pen testing lab scenario", vs. "here is a demonstration that you should do something and actionable guidance on what you should do". (IE, you should upgrade your fleet to 2016/10, etc).
πŸ‘€R-EDDIT


πŸŽ–@malwr
House of Io – Bypassing Safe-Linking and attacking Glibc's tcache
πŸ—£eyalitki

Very interesting! I remember noticing the same thing about the first chunk but didn’t think much about. Good work getting a new exploit type out of the mitigation’s.
πŸ‘€mdulin2

In a classic "Thank you /r/netsec" /u/awarau888 and I were able to develop their initial attack variant that was posted here a few days ago, into a working bypass.
πŸ‘€eyalitki


πŸŽ–@malwr