
DefenseWall Test -- Overall

OVERALL

Results and Ratings:
* First part: 94 %: Excellent.
* Second part: 71.5 %: Very good.
* Third part: 23.5 %: Not sufficient.

Rating threat by threat: The result may often depend on the user's configuration: what is...


DefenseWall Test Part 3 Suite


15° Man-in-the-middle (MIM) attack test: a. SSLSpoofer test: Since the file needs a service to work, it is stopped by DefenseWall. The spoofer has to be installed 'trusted' to create and launch its service, and to work; but in doing so, DefenseWall is not...


DEFENSEWALL TEST Part 3


Part III: Client/server side attacks and other tests. 11° URL obfuscation: DefenseWall doesn’t claim to protect against URL obfuscation. Failed. 12° Internet Explorer exploits: a) WMF exploits. Note: DefenseWall doesn’t claim to prevent exploits themselves,...


DefenseWall Test Part 2 - suite -


Continuation of Part 2. b) Worms and viruses. * With Feebs: The .hta file does launch IE on a false “hotmail.com secure mail server” link; mshta.exe is 'untrusted' too. Apart from the 100 % CPU annoyance, nothing happens once 'untrusted' processes are killed. Passed...


DEFENSEWALL TEST Part 2


Part II: In the wild with real malware. 7° Boot sector/BIOS/MBR protection: MBR virus. DefenseWall does not provide boot sector protection, and above all, its service/driver is not a boot-start driver but a system-start one: consequently, the protection during...


DEFENSEWALL TEST Part 1


Part I: Behaviour. 1° Self-protection. Intro: Execution protection. DefenseWall doesn’t work on an execution-prevention principle, so it will never prevent Task Manager, Srip, notepad or calc.exe from being started (CreateProcessThread). It will just launch...


DEFENSEWALL TEST **INTRO**


DEFENSEWALL TESTS

DefenseWall is a HIPS program, working on the "white-list" principle: it reduces the rights of the programs and executable files running outside of the trusted zone. The idea is to set the programs...


ROOTKIT Test 2


For the purpose of this test, we use two demonstrations which illustrate some rootkit methods, technology or behaviour. a. The first demonstration illustrates a hidden-process method via Eprocess (physical memory access, ntoskrnl mapping, etc.). We use...


GASPAR Hooker Test


Result of online scans: the original file is not detected by any AV on Virustotal, and the next image relates to the file recompiled as an .exe: This file is a proof-of-concept trojan designed to illustrate some firewall evasion methods: it hooks via...


PRESENTATION Part 2

Presentation of threats used in these tests: As said previously, we can't be as exhaustive as possible: only samples of malware and attacks are used. It is really statistically enough to test the efficiency of a HIPS. - adware/spyware: classic spyware...
