App Review Those Nasty RATS Part 1

@cruelsister Nice video... I remembered that RAT icon from the video you made a few months ago!
Now AppGuard is always on Locked Down because of that video... :D


@cruelsister As you're going to do a sandbox video first (my guess is it will only be Comodo & SBIE), would you please add some suggested settings in the comment section? Thanks!
 
Great eye-opener video as always... but I smell a true Greek tragedy in the next parts... ;(
Question: since my CFW has the sandbox disabled for unknown exes (so no sandbox, no matter the source, if a file is rated as unknown by Comodo): is it possible to create this DLL in memory and load it with regsvr32 via a fileless exploit from the various exploit kits?
 
I don't want to tip my hand at this point, but Comodo will be reviewed in detail in the last part of the series. Currently I'm still working out various things, so I couldn't give a definitive answer now (but I really like the way you think!).

Duo- As intimated above, the Comodo settings will be the star in the final video.

(Evgeny- You really prefer Elton to Sinead for this song?)
 
Interesting. RATs are one of the primary problems nowadays, and they can definitely be used for such dramatic purposes.

You want to gain access? Then it's definitely a deadly tool to track it with. AVs are still hit and miss there.
 
I am afraid that there are many more commercial-grade RATs on the market than we think, ones that are unknown to us, and some of them are in the below-1000 EUR range. In the Hacking Team emails published by WikiLeaks one can feel the magnitude of such RAT development.

Here is an overview of a recent targeted attack with a customized RAT:
http://www.welivesecurity.com/wp-content/uploads/2016/05/Operation-Groundbait.pdf

Anatomy of a targeted attack on a specific journalist:
Hacking Team and the Targeting of Ethiopian Journalists

Since the best samples of these threats are polymorphic (even on the fly), we must forget about any signature-based "antivirus" and "anti-malware" solution.

Until now I was sure a locked-down computer with Comodo's "default deny everything" policy would help me here, but after the latest confirmed fileless in-memory attack vectors and process injection/hijacking I am lost... so I am waiting for cruelsister's results on this one.

There is no signature for these RATs; every customer gets a customized, fresh sample, and if the target is big enough, even a custom C&C URL. Combine all those facts with a valid signature... it's really hard to think of any defense.
 
I was not aware of that.
Watching your videos is the best malware school I could find, free or paid.

Looking forward to learning more.

Thank you for sharing your valuable knowledge with us.