Bypassing ESET NOD32 Antivirus using Fileless
<blockquote data-quote="Emmanuellws" data-source="post: 696921" data-attributes="member: 60108"><p>So far, Kaspersky...gaining shell access as current user is easy...but gaining full access as "system" is very hard...and Kaspersky has the best HIPS so far, able to detect a Meterpreter session from Metasploit in memory. I believe they used similar in-memory detection code from this <a href="https://github.com/rvazarkar/antipwny" target="_blank">GitHub - rvazarkar/antipwny: A host based IDS written in C# Targetted at Metasploit</a> If your antivirus does not detect a Metasploit Meterpreter session, please notify your vendor. Tell them about this <a href="https://github.com/rvazarkar/antipwny" target="_blank">GitHub - rvazarkar/antipwny: A host based IDS written in C# Targetted at Metasploit</a> C# code which detects a Metasploit Meterpreter session and kills the process if it detects one.</p><p></p><p>Stick with ESET, install <a href="https://github.com/rvazarkar/antipwny" target="_blank">GitHub - rvazarkar/antipwny: A host based IDS written in C# Targetted at Metasploit</a> and see if it causes any incompatibility. If it can run alongside, then it is good...but bear in mind this is 4-year-old code, but it still works well detecting and killing a Metasploit Meterpreter session.</p><p></p><p>Other pentesters also share the same opinions that Kaspersky's System Watcher is the real deal,</p></blockquote><p></p>