Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Video Reviews - Security and Privacy
"Bypassing" NoVirusThanks EXE Radar Pro
Message
<blockquote data-quote="509322" data-source="post: 619649"><p>LOL... the guy (I think Alessandro) that asked Black Cipher Security to test NVT ERP wanted him to test the most recent stable build of ERP with the default Vulnerable Process List - which includes both cmd.exe and powershell.exe on it - to verify that ERP would protect a home system.</p><p></p><p>However, Black Cipher Security tested ERP from an Enterprise perspective - and not a home use one. So however he chose the version of ERP - whether deliberately or by chance - he used the old stable version that does not include powershell.exe on the default Vulnerable Process List and he probably removed cmd.exe from the list as well.</p><p></p><p>If bypassuac is still using Invoke-BypassUAC.ps1 (or whatever the pen-test community is passing around at the moment), then there would have been an alert for powershell.exe in the most recent stable build of ERP. Even in the old stable version of ERP there should be an alert if cmd.exe is launched. As there are no cmd.exe alerts in the video, one of the possible reasons is that he removed cmd.exe from the Vulnerable Process List.</p><p></p><p>For the guys who wanted or are interested in the ERP test and its results, Black Cipher Security should have shown the Vulnerable Process List - and not just the Settings (which for the most part are irrelevant).</p><p></p><p>The only thing that people here wanted to know is "Will ERP protect against this type of attack ?" But the video creator performed a test that was not asked for. It's a change-up and sowing confusion. It's simple, home users want a test of actual home use and not Enterprise. The version of ERP and the ERP VPL was probably modified to allow scripts as if ERP were being used in a corporate environment.</p><p></p><p>Black Cipher Security should be given a break on this one as he probably did not know that the users he was interacting with are home users and wanted ERP tested from that perspective.</p></blockquote><p></p>
[QUOTE="509322, post: 619649"] LOL... the guy (I think Alessandro) that asked Black Cipher Security to test NVT ERP wanted him to test the most recent stable build of ERP with the default Vulnerable Process List - which includes both cmd.exe and powershell.exe on it - to verify that ERP would protect a home system. However, Black Cipher Security tested ERP from an Enterprise perspective - and not a home use one. So however he chose the version of ERP - whether deliberately or by chance - he used the old stable version that does not include powershell.exe on the default Vulnerable Process List and he probably removed cmd.exe from the list as well. If bypassuac is still using Invoke-BypassUAC.ps1 (or whatever the pen-test community is passing around at the moment), then there would have been an alert for powershell.exe in the most recent stable build of ERP. Even in the old stable version of ERP there should be an alert if cmd.exe is launched. As there are no cmd.exe alerts in the video, one of the possible reasons is that he removed cmd.exe from the Vulnerable Process List. For the guys who wanted or are interested in the ERP test and its results, Black Cipher Security should have shown the Vulnerable Process List - and not just the Settings (which for the most part are irrelevant). The only thing that people here wanted to know is "Will ERP protect against this type of attack ?" But the video creator performed a test that was not asked for. It's a change-up and sowing confusion. It's simple, home users want a test of actual home use and not Enterprise. The version of ERP and the ERP VPL was probably modified to allow scripts as if ERP were being used in a corporate environment. Black Cipher Security should be given a break on this one as he probably did not know that the users he was interacting with are home users and wanted ERP tested from that perspective. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
