[Hot Take] Comodo Internet Security 2025 was obliterated by an exploit!

If you think about not fixing the bypass from this thread, this will not be a problem. The bypass is Comodo-dependent, so it will not be used in widespread attacks.
Comodo has many hardening options that can make it a very attractive solution. The greater problem for Comodo and other AVs is DLL hijacking (also used in the bypass). Unfortunately, there are no tests on this attack vector, so I cannot say which AV can be most effective. On Windows 11, DLL hijacking is blocked by Smart App Control if the malicious DLL is unsigned or improperly signed. It can also be blocked by WDAC.
Actually it's already popping up as "paid services" at some "other" places... so it's a matter of time (little, if I may) until we have fileless malware and other malware running this kind of measure against CIS and Xcitium...
 
BTW... a video showcasing the exploit downloading and running the ransomware and CIS ignoring it:

Edit: I'm still going to work on subtitles for this video. Try the YT automatic subs for the moment...

Added 10 subtitles.
 
Actually it's already popping up as "paid services" at some "other" places... so it's a matter of time (little, if I may) until we have fileless malware and other malware running this kind of measure against CIS and Xcitium...
Yes, it is probable in targeted attacks against businesses.
Improbable in widespread attacks against home users (Comodo is not a popular solution).
 
Last edited:
Just thinking, if someone actually exploited this vulnerability to drop ransomware using DLL hijacking...
Does the simplified attack work?

archive with payloads ----> archive unpacked ---> the benign application executed as Administrator ---> DLL hijacking .....

It is possible as a ClickFix attack (a method used recently in the wild). Such an attack is very simple (no exploit) and should not trigger containment. Furthermore, a similar method can also be dangerous for other AVs. (y)
 
Last edited:
Does the simplified attack work?

archive with payloads ----> archive unpacked ---> the benign application executed as Administrator ---> DLL hijacking .....

It is possible as a ClickFix attack (a method used recently in the wild). Such an attack is very simple (no exploit) and should not trigger containment. Furthermore, a similar method can also be dangerous for other AVs. (y)
Yes! In fact, LummaStealer (in the wild too) also does this:
(screenshot: QQ20241030-210423.png)

Setup.exe - a trusted file with a valid digital signature
SdAppServices_x64.dll - malicious DLL, shellcode loader
lmemets, yajfl - encrypted shellcode
 
Yes! In fact, LummaStealer (in the wild too) also does this:
Setup.exe - a trusted file with a valid digital signature
SdAppServices_x64.dll - malicious DLL, shellcode loader
lmemets, yajfl - encrypted shellcode

I had in mind whether you tried to kill Comodo that way instead of bypassing the sandbox. :) (y)
I assume that the benign application in your test does not ask for elevation, so you used the bypass to elevate in the sandbox and create the service. Next, the service could run DLL hijacking with high privileges. I think that the same can be done without the containment bypass just by running the benign application with admin rights (via "Run as administrator") to apply DLL hijacking and run TDSSKiller. But I am not sure if anyone tried this against Comodo.
 
Last edited:
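The chain discussed in the last two posts (a signed, trusted EXE such as Setup.exe loading an unsigned DLL such as SdAppServices_x64.dll from the folder an archive was unpacked into, optionally after "Run as administrator") leaves a recognisable pattern in image-load telemetry. The script below is an added example written for this thread, not code from the thread's authors or from Comodo/Xcitium: it assumes image-load events have already been collected (for example from Sysmon Event ID 7 or an EDR) into a simple record with the process path, its signature status, whether it runs elevated, and the loaded DLL's path and signature status. The sample events, the directory prefixes treated as user-writable, and the severity labels are all constructed for illustration.

```python
"""Flag DLL side-loading candidates in image-load telemetry (added example).

Rule implemented here, as a defender's heuristic for the chain described in the
thread: a signed EXE loading an unsigned DLL from the same user-writable
directory it was started from is flagged, with higher severity when the
process is elevated. A signed DLL in that position is reported at low severity
(the case Smart App Control / WDAC would let through on a signature-only policy).
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# Assumption: typical Windows layout; adjust for the environment being monitored.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\temp\\", "c:\\windows\\temp\\")
# Loads from these locations are ordinary and never treated as side-loading here.
TRUSTED_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\winsxs\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


@dataclass(frozen=True)
class ImageLoad:
    """One image-load event (fields assumed to come from Sysmon/EDR telemetry)."""
    process_path: str
    process_signed: bool
    elevated: bool
    image_path: str
    image_signed: bool


@dataclass(frozen=True)
class Finding:
    process: str
    dll: str
    severity: str
    reason: str


def _dir_of(path: str) -> str:
    """Lower-cased parent directory with a trailing backslash, for prefix tests."""
    return str(PureWindowsPath(path).parent).lower() + "\\"


def assess(event: ImageLoad) -> Optional[Finding]:
    """Return a Finding if the event matches the side-loading pattern, else None."""
    if not event.process_signed:
        # An unsigned host EXE is a different detection (untrusted binary), not side-loading.
        return None
    dll_dir = _dir_of(event.image_path)
    if dll_dir.startswith(TRUSTED_PREFIXES) or not dll_dir.startswith(USER_WRITABLE_PREFIXES):
        return None
    if dll_dir != _dir_of(event.process_path):
        # Only the "DLL dropped beside the EXE" case is covered by this rule.
        return None
    if event.image_signed:
        severity, reason = "low", "signed DLL loaded from a user-writable directory beside a signed EXE"
    elif event.elevated:
        severity, reason = "high", "unsigned DLL side-loaded by an elevated signed EXE"
    else:
        severity, reason = "medium", "unsigned DLL side-loaded by a signed EXE"
    return Finding(event.process_path, event.image_path, severity, reason)


def scan(events: List[ImageLoad]) -> List[Finding]:
    """Run the rule over a batch of events and keep only the hits."""
    return [f for f in (assess(e) for e in events) if f is not None]


# Constructed sample telemetry; paths and names are illustrative only.
_UNPACKED = "C:\\Users\\bob\\Downloads\\setup_unpacked\\"
SAMPLE_EVENTS = [
    ImageLoad(_UNPACKED + "Setup.exe", True, True, _UNPACKED + "SdAppServices_x64.dll", False),
    ImageLoad(_UNPACKED + "Setup.exe", True, False, _UNPACKED + "SdAppServices_x64.dll", False),
    ImageLoad("C:\\Windows\\System32\\notepad.exe", True, False, "C:\\Windows\\System32\\kernel32.dll", True),
    ImageLoad(_UNPACKED + "Setup.exe", True, True, "C:\\Windows\\System32\\kernel32.dll", True),
    ImageLoad(_UNPACKED + "Setup.exe", True, False, _UNPACKED + "vendor_signed.dll", True),
    ImageLoad(_UNPACKED + "dropper.exe", False, True, _UNPACKED + "payload.dll", False),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"[{finding.severity}] {finding.process} -> {finding.dll}: {finding.reason}")
```

Run as-is, it reports the elevated Setup.exe load as high, the non-elevated one as medium and the vendor-signed DLL as low, while the System32 loads and the unsigned dropper fall outside the rule. In a real deployment the prefix lists would be replaced by an ACL check on the directory, and the "same directory" condition relaxed to cover the other search-order locations.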
I saw some Lumma being blocked by CIS in some tests of mine. Do you guys have any sample or any file of your own so I can test it against CIS?

BTW, Xcitium banned me from their forum and removed all topics about the CIS/Xcitium exploit. :(
 
I saw some Lumma being blocked by CIS in some tests of mine. Do you guys have any sample or any file of your own so I can test it against CIS?

BTW, Xcitium banned me from their forum and removed all topics about the CIS/Xcitium exploit. :(
Can you test the POCs in Comodo Virtual Desktop?
 
Did you mean Virtual Kiosk? If so, there is no need. VK uses the same sandbox structure, so the PoC will bypass it.
I vaguely remember that virtual desktop or shopping protection came with added security measures. Regardless, I doubt it will affect the outcome of the test.
 
They falsely market it
Comodo does not market CIS\CFW. Please do not provide a link to a URL because that is not marketing.

They avoid fixing issues
Because the software has $0 revenue and therefore nobody in their right mind would ever spend a lot on fixing issues. CIS\CFW is in perpetual maintenance or out-of-date. And that is fine because it generates $0 revenue. There are no dedicated Comodo staff to support, bug fix, or further develop it. Melih gets his programmers to look at it once every three or four years. This is fine.

It is freeware. You accept what Comodo gives you and if you cannot, Melih wants you to go use something else. He is so happy to see you go use something else. He does not want you using his product.
 
Comodo does not market CIS\CFW. Please do not provide a link to a URL because that is not marketing.


Because the software has $0 revenue and therefore nobody in their right mind would ever spend a lot on fixing issues. CIS\CFW is in perpetual maintenance or out-of-date. And that is fine because it generates $0 revenue. There are no dedicated Comodo staff to support, bug fix, or further develop it. Melih gets his programmers to look at it once every three or four years. This is fine.

It is freeware. You accept what Comodo gives you and if you cannot, Melih wants you to go use something else. He is so happy to see you go use something else. He does not want you using his product.
I replied to vitao's comment about the Xcitium EDR client he bypassed; it is marketed with false claims to enterprises (Comodo is the same base but less updated and has fewer rules, etc.), and regardless, it is important that severe bypasses are fixed in security software, free or paid.
 
Guys, please, don't fight. Comodo is not fighting... they released a new 2025 edition fixing the cert issue and it only took 2 months... maybe in another 2 years they'll fix the exploit/PoC thing in CIS and Xcitium... let's have faith :)

BTW, a new video showing every fcking option in CIS 2025 is on the way. In fact it's already on the channel but the video is long... 1h20min more or less... I'll try to bring subs for it but maybe it's not worth it as many will not watch it anyway...
 
regardless it is important that severe bypasses are fixed in security software free
Nope. Not if there is $0 revenue supporting the product.

All free software - ALL PAID SOFTWARE - is offered "As Is." No developer has any obligation to fix bugs or patch its software. At least not a contractual obligation since every software EULA absolves the developer of any liability. The only instance where a developer is liable is if their software causes physical or bodily damage. Then that is no longer about the EULA, but gets into the realm of product negligence and liability.

Everybody that uses software - whether home user, enterprise, or government - does so at their own risk. If anybody uses security software and ends up infected, it is always 100% on them. That is an established rule of global law for security software as a product.
 
Guys, please, don't fight. Comodo is not fighting... they released a new 2025 edition fixing the cert issue and it only took 2 months... maybe in another 2 years they'll fix the exploit/PoC thing in CIS and Xcitium... let's have faith :)
Melih will never fix it. There is no dedicated development staff for the Comodo code base. The developers at Comodo are shuffled around from project to project. That is how it has always been. For CIS\CFW a few developers are given a window of a few months to work on it. Because they are needed elsewhere - on projects that bring in revenue dollars. This makes perfect economic sense.

There for a while Melih hired China-based Haibo Zhang to be the Comodo Product\Project Manager, but he left years back and has never been replaced. Right about the time that CIS\CFW development stopped 3 or 4 years ago.

For the price that Melih is charging for Xcitium, he will never have enough revenue to make the Comodo code-base any better than it is right now. A software product has to generate at least $1 MM USD for every 3 to 4 full-time personnel that support it (only 1 of those 3 or 4 people are software engineers). Comodo earns $0 and Xcitium might generate $500,000 per year. So you get 1.5 or 2 full-time people to support the product. Of those 1.5 or 2 people, you get 3/8ths to 1/2 of a developer. That translates to 1 developer working 780 to 1020 hours per year on a software code base. At Comodo companies, that developer has to do everything. Fix bugs. Develop new features. Unit test. Fix driver issues. Configure and maintain all of the supporting infrastructure. Create install packages. Perform all QA\QC. They have to do the entire supporting sysadmin of the infrastructure, software engineering, and the entire DevOps. Maybe in 10 years that developer can get around to fixing all the bugs and other problems, assuming that the underlying operating system remains essentially static over that same time period.

¯\_(ツ)_/¯
 
Last edited by a moderator:
Killing Comodo with disabled LUA:
 
So...

PS: a new video will be published showing this in action.
 
Attachment: cisok.jpg
Why do people who want Comodo to be a more refined product not establish and promote a GoFundMe for the product?

Or suggest to Melih that he create a GoFundMe?

The fundamental issue with the product is a very simple one to understand: Melih owns the product, it generates virtually no revenue, and since Day 1 he has spent millions of his own money to subsidize the product and give it away. Well, he's not willing to spend any more on the product other than to keep it alive. There is no dedicated development team for the source code, and that means there is nobody to fix bugs and make the product more polished.

Without a revenue stream to support its development, Comodo will never be any better than it is right now. Without bringing in substantial money, it shall always be a 1000-bug, broken feature freeware.

Tip: Melih will never accept GoFundMe funds because he does not want to be obligated to end users to fix stuff. He is perfectly OK with the product as it is now. He has no aspirations to make it as polished as other security software. In fact, Melih's belief is that the product is fine as it is. The entire point of CIS\CFW is that a freeware does as good, if not better than, most other security software even with 1000 bugs and other problems. Melih is not wrong in this regard.

I think a lot of end users do not understand that Comodo is Melih's ideological play-thing. He created it to prove an ideological point within a software publishing industry that he believes to be wrong and which he deeply despises. He did not create Comodo to satisfy users.

When you understand all of this, then you realize why the product is as it is and that it shall never be any better than it is at this very moment.
 
Last edited by a moderator:
Why do people who want Comodo to be a more refined product not establish and promote a GoFundMe for the product?

Or suggest to Melih that he create a GoFundMe?

The fundamental issue with the product is a very simple one to understand: Melih owns the product, it generates virtually no revenue, and since Day 1 he has spent millions of his own money to subsidize the product and give it away. Well, he's not willing to spend any more on the product other than to keep it alive. There is no dedicated development team for the source code, and that means there is nobody to fix bugs and make the product more polished.

Without a revenue stream to support its development, Comodo will never be any better than it is right now. Without bringing in substantial money, it shall always be a 1000-bug, broken feature freeware.
But who said that?

Comodo is lucrative, as is Xcitium, as is Itarian, as is Valkyrie, as is any other software from Melih's company.

The problem is really simple. They don't have people who know how to solve the issues, and the ones they have are looking at Xcitium. The proof of it is that the same exploit/PoC that destroys CIS containment does the same with Xcitium, and there is no response from Xcitium nor Comodo about it. The flaw exists. It's a big problem. Xcitium users, who are the paying ones, are not secured and even so, they don't get any update regarding this...
 