Advanced Threat Protection Test 2021 – Consumer
Andy Ful wrote (post 964313):

Among 15 testing scenarios, there is an interesting sample no. 14 (corrected numbering) that managed to bypass the protection of 4 AVs. In the case of Avast, it was most probably blocked by CyberCapture.
The attack was performed via a spearphishing link, so the EXE file (masquerading as werfault.exe) was downloaded/executed (MOTW added by the web browser). The MOTW is required for an EXE file to trigger CyberCapture, so the file was uploaded and detonated in the cloud sandbox.

Another interesting example is sample no. 12 (corrected numbering). This sample could bypass 5 AVs (including Avast). The Avast CyberCapture could not block it. This attack is similar to scenario 14 (which was blocked by Avast). There is a note about this in the report:

Edit.
Post edited to include the corrections due to a scenario numbering error in the online report.
I removed the note about scenario 12 (incorrect numbering) because, in fact, it was about scenario 13 (correct numbering). This scenario was blocked by Avast (the script was blocked). If this script had not been blocked, CyberCapture could not have detected the DLL sideloading technique.
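The post's key observation is that the browser-applied Mark of the Web (the NTFS `Zone.Identifier` alternate data stream) is what makes a downloaded EXE eligible for cloud detonation; a file that reaches disk without it (for example after extraction by a tool that does not propagate the stream) is never sent. The following Python is an added example, not code from the post, from Avast or from AV-Comparatives: it parses the `[ZoneTransfer]` stream that Windows browsers write, reports the URLZONE it carries, and applies the post's rule as a simple triage heuristic. The `needs_cloud_detonation` rule models only the statement in the post, not Avast's real CyberCapture logic, and the sample streams are constructed for illustration.

```python
"""Inspect the Windows Mark-of-the-Web (Zone.Identifier ADS) on downloaded files.

Added example. The stream layout ([ZoneTransfer] with ZoneId/ReferrerUrl/HostUrl)
and the URLZONE numbering are standard Windows behaviour; the sample stream
contents below are constructed, not taken from the test report.
"""
import configparser
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# URLZONE values that browsers write into the Zone.Identifier stream.
ZONE_NAMES = {
    0: "LocalMachine",
    1: "LocalIntranet",
    2: "TrustedSites",
    3: "Internet",
    4: "RestrictedSites",
}


@dataclass(frozen=True)
class MarkOfTheWeb:
    zone_id: int
    referrer_url: Optional[str] = None
    host_url: Optional[str] = None

    @property
    def zone_name(self) -> str:
        return ZONE_NAMES.get(self.zone_id, f"Unknown({self.zone_id})")

    @property
    def is_internet_origin(self) -> bool:
        # Zones 3 (Internet) and 4 (Restricted) are the ones reputation
        # and sandbox checks treat as untrusted downloads.
        return self.zone_id >= 3


def parse_zone_identifier(stream_text: str) -> Optional[MarkOfTheWeb]:
    """Parse the text of a Zone.Identifier stream; None if no usable zone."""
    # Only '=' is a key/value delimiter so URLs containing ':' stay intact;
    # interpolation is off because URLs may contain '%'.
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keep 'ZoneId' / 'HostUrl' capitalisation
    try:
        parser.read_string(stream_text)
    except configparser.Error:
        return None  # malformed or empty stream (e.g. no section header)
    if not parser.has_section("ZoneTransfer"):
        return None
    section = parser["ZoneTransfer"]
    zone_raw = section.get("ZoneId")
    if zone_raw is None or not zone_raw.strip().isdigit():
        return None
    return MarkOfTheWeb(
        zone_id=int(zone_raw),
        referrer_url=section.get("ReferrerUrl"),
        host_url=section.get("HostUrl"),
    )


def read_mark_of_the_web(path: str) -> Optional[MarkOfTheWeb]:
    """Read the ADS from a file on NTFS (Windows only); None when absent."""
    try:
        with open(f"{path}:Zone.Identifier", "r", encoding="utf-8",
                  errors="replace") as stream:
            return parse_zone_identifier(stream.read())
    except OSError:
        return None  # no stream, non-NTFS volume, or not on Windows


def needs_cloud_detonation(filename: str, mark: Optional[MarkOfTheWeb]) -> bool:
    """Heuristic modelling the post's rule: only an EXE that still carries an
    internet-zone mark is uploaded for sandbox detonation. Assumption, not
    the vendor's actual decision logic."""
    is_exe = filename.lower().endswith(".exe")
    return is_exe and mark is not None and mark.is_internet_origin


def triage(downloads: Iterable[Tuple[str, Optional[str]]]) -> List[Tuple[str, str, bool]]:
    """For (filename, stream_text or None) pairs, return (filename, zone, detonate)."""
    results = []
    for filename, stream_text in downloads:
        mark = parse_zone_identifier(stream_text) if stream_text is not None else None
        zone = mark.zone_name if mark else "NoMark"
        results.append((filename, zone, needs_cloud_detonation(filename, mark)))
    return results


# Constructed sample streams (hypothetical hosts; not from the report).
SAMPLE_BROWSER_DOWNLOAD = (
    "[ZoneTransfer]\r\nZoneId=3\r\n"
    "ReferrerUrl=https://example.invalid/login\r\n"
    "HostUrl=https://example.invalid/files/werfault.exe\r\n"
)
SAMPLE_LOCAL_ZONE = "[ZoneTransfer]\nZoneId=0\n"

if __name__ == "__main__":
    for row in triage([("werfault.exe", SAMPLE_BROWSER_DOWNLOAD),
                       ("werfault.exe", SAMPLE_LOCAL_ZONE),
                       ("werfault.exe", None),
                       ("report.pdf", SAMPLE_BROWSER_DOWNLOAD)]):
        print(row)
```

On a Windows host, `read_mark_of_the_web(r"C:\Users\me\Downloads\file.exe")` reads the real stream; a `None` result on a file that was just downloaded is the condition the post describes, where the EXE would never reach the cloud sandbox. The same check is useful when validating that an archive extractor or file-copy tool preserves the stream.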