Bypassing ESET NOD32 Antivirus using Fileless
Quoted post by danb (post 693735):

I am assuming the .bat payload was a "simulated" email attachment, which the user launches. A lot of modern malware / ransomware attacks originate as batch files or PowerShell scripts, so in my opinion this part is realistic.

Probably the only obstacle the attacker would encounter would be, as Opcode pointed out, getting around the LAN… which a lot of pen testers insist is not an issue… assuming a targeted attack. As we have seen with recent attacks, this appears to be possible, in my opinion.

The other thing is… I really wish pen testers would quit launching notepad, calc (or other similar Windows processes) to demonstrate a bypass. They should drop a file to appdata and demonstrate that the dropped file can be launched.

So if the pen tester can demonstrate this test outside of the LAN, and drop and execute the payload from appdata, then it would be a true bypass.