Finding a Cybereason reseller
<blockquote data-quote="Trident" data-source="post: 1046184" data-attributes="member: 99014"><p>You can use Bitdefender as well as you can use VirusTotal. Both won’t help if you were an attacker as VirusTotal detections are frequently different (sometimes for better, sometimes for worse) and Bitdefender will just throw a trojan.genericKD.xxxxx at you. VT is also a threat intelligence portal so attackers avoid it; they mostly use Joti. You also won’t really be sure why Bitdefender detects. If you look around in the EDR you will see API calls and others. Maybe you will try to do it via different API calls. Or if you see a detection of the sort of Gen.PowerShell.Hidden.B (this is a real name I’ve seen), maybe you can try not hiding the PowerShell window; who understands what’s on there anyway. Where emulations are involved, the attacker won’t be able to test it and see if there is detection or which Yara signatures triggered it.</p><p></p><p>So in any case, providing the software just to authorised businesses has some benefit in terms of preventing bypasses as well as exploits. The attacker won’t pay this money just to obtain a copy for trial and error.</p></blockquote><p></p>