29 articles tagged methodology

GASPAR Hooker Test

Result of online scans: the original file is detected by no AV engine on VirusTotal; the next image relates to the same file recompiled as an .exe. This file is a proof-of-concept trojan designed to illustrate some firewall evasion methods: it hooks via...

PRESENTATION Part 2

Presentation of the threats used in these tests: as said previously, we cannot be exhaustive: only samples of malware and attacks are used. This is statistically sufficient to test the efficiency of a HIPS. - adware/spyware: classic spyware...

MSN TEST 2

With MSN Pass Sender: we configure this password stealer (here named roberto) and launch it. The fake process crss.exe is launched (its name mimics the legitimate csrss.exe). The fake crss.exe then installs its Windows hooks via msvbvm60.dll (the Visual Basic 6 runtime). hijack.exe, launched from cmd, tries to modify lsass.exe:...
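The fake crss.exe above trades on its resemblance to the legitimate csrss.exe. As an added example (not the blog's code), here is a small Python check that flags processes whose name is one edit away from a core Windows process name, or whose name is genuine but whose image does not live in System32. The process snapshot and the fixed System32 path are constructed assumptions; on a live host the list would come from tasklist, WMI or a similar source.

```python
"""Flag processes that masquerade as Windows system processes.

Added example for the fake crss.exe case described on this page; it is not
the blog's code. It runs over a constructed process list so it works
offline; on a live system the list would come from tasklist/WMI (assumption).
"""
from typing import Dict, List, Tuple

# Core Windows processes whose names malware likes to imitate. Assumption:
# this short list is enough for the case on the page; extend it as needed.
PROTECTED = {"csrss.exe", "lsass.exe", "smss.exe", "services.exe",
             "winlogon.exe", "svchost.exe"}

# Assumption: default install location; on a real host derive it from
# %SystemRoot% instead of hard-coding it.
SYSTEM32 = r"c:\windows\system32"


def levenshtein(a: str, b: str) -> int:
    """Edit distance; process names are short, so no dependency is needed."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                  # deletion
                           cur[j - 1] + 1,               # insertion
                           prev[j - 1] + (ca != cb)))    # substitution
        prev = cur
    return prev[-1]


def check_process(proc: Dict[str, object]) -> List[str]:
    """Return the reasons a single process looks like a masquerade."""
    name = str(proc["name"]).lower()
    path = str(proc["path"]).lower()
    reasons: List[str] = []
    if name in PROTECTED:
        # Genuine system binaries live in System32; anything else is suspect.
        if not path.startswith(SYSTEM32 + "\\"):
            reasons.append(f"{name} running from outside System32: {proc['path']}")
    else:
        # Look-alike names one edit away from a protected name
        # (crss.exe vs csrss.exe, lsas.exe vs lsass.exe, ...).
        for legit in sorted(PROTECTED):
            if levenshtein(name, legit) == 1:
                reasons.append(f"{name} is a look-alike of {legit}")
    return reasons


def find_masquerading_processes(processes: List[Dict[str, object]]) -> List[Tuple[int, str]]:
    """Return (pid, reason) pairs for every suspicious process in the snapshot."""
    hits: List[Tuple[int, str]] = []
    for proc in processes:
        for reason in check_process(proc):
            hits.append((int(proc["pid"]), reason))
    return hits


# Constructed sample snapshot (not real telemetry): two legitimate system
# processes, a fake crss.exe in a user profile like the one on the page,
# and a correctly named lsass.exe dropped in the wrong directory.
SAMPLE = [
    {"pid": 556, "name": "csrss.exe", "path": r"C:\WINDOWS\system32\csrss.exe"},
    {"pid": 652, "name": "lsass.exe", "path": r"C:\WINDOWS\system32\lsass.exe"},
    {"pid": 1234, "name": "crss.exe",
     "path": r"C:\Documents and Settings\Administrateur\roberto\crss.exe"},
    {"pid": 1300, "name": "lsass.exe",
     "path": r"C:\Documents and Settings\Administrateur\Local Settings\Temp\lsass.exe"},
    {"pid": 1480, "name": "explorer.exe", "path": r"C:\WINDOWS\explorer.exe"},
]

if __name__ == "__main__":
    for pid, reason in find_masquerading_processes(SAMPLE):
        print(pid, reason)
```

The exact-name branch matters as much as the look-alike branch: a stealer that names itself lsass.exe correctly still has to run from somewhere, and that path is what gives it away.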

ROOTKIT TEST

Here we just illustrate some rootkit behaviours and show their detection by anti-rootkit tools, some well known and some less so. For more information, see the next version of my article, which will be updated this summer. NB: Srip32.exe is...

MAN in the MIDDLE TEST with SSLAGY (R)

This tool, designed by a French specialist, is a proof of concept which illustrates an HTTPS man-in-the-middle attack via Internet Explorer. The tool has been renamed for TOS reasons and is currently not detected by antivirus (the detections shown on the next screenshot are false positives):...

MSN TESTS

With MSN to CGI: this tool uses a form of social engineering to deceive the user. First it terminates the real Messenger and replaces it with a fake one; then the user is prompted to type their MSN credentials (e-mail, password), which can afterwards be sent...

HOOKDUMP Requests

NB: This old keylogger is a 16-bit program, not a Win32 one, which is why ntvdm.exe (the NT Virtual DOS Machine) is required. In red, the creation of the log file.

Column headers of the IRP trace (the rows are cut off on this page):
# | Time sent | Dur. | Process | Thread ID | DeviceObject | IRP Request | IRP Flags | Nested | FileObject | FsContext | FsContext2 | FO Flags ...

PCFlank Leaktest part 2

Processes:
PID  ParentPID  User                   Path
---  ---------  ---------------------  ----
272  1476       POSTE2:Administrateur  C:\Documents and Settings\Administrateur.POSTE2\Mes documents\Mes vidéos\PCFlankLeaktest.exe

Ports:
Port  PID  Type  Path
----  ---  ----  ----
...

PCFlank Leaktest

This is the new version of the PCFlank Leaktest. Since there is no "allow/permit" rule for the browser (in our case Internet Explorer), we cannot consider that it bypasses firewalls. In fact this leaktest just demonstrates a classic method of spying via...

FIREFOX DoS exploit

IRP trace (the rows are cut off on this page):
#  | Time sent    | Dur. | Process   | Request                  | IRP Flags | FsContext | Path                                      | Status         | More info
1  | 19:02:10.984 | 0    | msimn.exe | IRP_MJ_QUERY_INFORMATION | 00000010  | E19D50D0  | C:\Program Files\Outlook Express\msimn.exe | STATUS_SUCCESS | FileNameInformation
2  | 19:02:11.000 | 0    | msimn.exe | IRP_MJ_QUERY_INFORMATION | ...