  • DefenseWall Test -- Overall (27/06/2006, published in: HIPS TESTS)
    OVERALL: Results and Ratings: * First part: 94 %: Excellent. * ...
  • DefenseWall Test Part 3 Continued (27/06/2006, published in: HIPS TESTS)
    15° Man-in-the-middle (MIM) attack test: a. SSLSpoofer test: Since the file needs a service to work, it is stopped by DefenseWall. The spoofer has to be installed 'trusted to create and launch its ...
  • DEFENSEWALL TEST Part 3 (27/06/2006, published in: HIPS TESTS)
    Part III: Client/server side attacks and other tests. 11° URL obfuscation: DefenseWall doesn’t claim to protect against URL obfuscation. Failed. 12° Internet Explorer exploits a) WMF exploits Note: ...
  • DefenseWall Test Part 2 - continued - (27/06/2006, published in: METHODOLOGY)
    Continuation of Part 2 b) Worms and viruses * With Feebs: The .hta file does launch IE on a false “hotmail.com secure mail server” link, ...
  • DEFENSEWALL TEST Part 2 (27/06/2006, published in: HIPS TESTS)
    Part II: In the wild with real malware. 7° Boot sector/BIOS/MBR protection: MBR virus DefenseWall ...
  • DEFENSEWALL TEST Part 1 (27/06/2006, published in: HIPS TESTS)
    Part I: Behaviour 1° Self-protection Intro: Execution protection DefenseWall doesn’t work on an execution-prevention ...
  • DEFENSEWALL TEST **INTRO** (27/06/2006, published in: HIPS TESTS)
    TESTS DEFENSEWALL: DefenseWall is a HIPS program, working on the ...
  • ROOTKIT Test 2 (24/06/2006, published in: METHODOLOGY)
    For the purpose of this test, we use two demonstrations which illustrate some rootkit methods, technology or behaviour. a. The first demonstration illustrates a hidden process method via ...
  • GASPAR Hooker Test (22/06/2006, published in: METHODOLOGY)
    Result of online scans: the original file is detected by no AV on VirusTotal, and the next image is related to the recompiled file as an .exe: This file is a Proof of Concept trojan designed to ...
  • PRESENTATION Part 2 (20/06/2006, published in: METHODOLOGY)
    Presentation of threats used in these tests: As said previously, we can't be as exhaustive as possible: only samples of malware and attacks are used. It is really statistically enough to test the ...
  • MSN TEST 2 (19/06/2006, published in: METHODOLOGY)
    With MSN Pass Sender: We configure this password stealer (here named roberto) and launch it: Here the fake process crss.exe is launched: Now the fake crss.exe installs its Windows hooks via ...
  • ROOTKIT TEST (18/06/2006, published in: METHODOLOGY)
    Here we just illustrate some rootkit behaviours and show detection by some anti-rootkit tools, well known or not. For more information, it may be useful to take a look at the next version of my ...
  • MAN in the MIDDLE TEST with SSLAGY (R) (14/06/2006, published in: METHODOLOGY)
    This tool, designed by a French specialist, is a Proof of Concept which illustrates an HTTPS Man in the Middle attack via Internet Explorer. This tool has been renamed for TOS reasons, and is currently ...
  • MSN TESTS (13/06/2006, published in: METHODOLOGY)
    With MSN to CGI: This tool uses a kind of social engineering attack in order to delude the user. Firstly it terminates the real Messenger, and replaces it with a fake one; then the user is prompted to ...
  • HOOKDUMP Requests (05/06/2006, published in: METHODOLOGY)
    NB. This old keylogger is designed for 16-bit and not Win32 systems, that's why ntvdm.exe is required. In red, the creation of the log. # | Time sent | Dur. | Process | Thread ID | ...
  • PCFlank Leaktest part 2 (05/06/2006, published in: METHODOLOGY)
    Processes: PID | ParentPID | User | Path: 272 | 1476 | POSTE2:Administrateur | C:\Documents and Settings\Administrateur.POSTE2\Mes ...
  • PCFlank Leaktest (04/06/2006, published in: METHODOLOGY)
    This is the new version of the PCFlank Leaktest. Since there's no "allow/permit" rule for the browser (in our case Internet Explorer), we can't consider that it bypasses firewalls. In fact ...
