How would one get passed voodoo shield?

SHvFl

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,344
First the easier method is the user allowing something bad. Then we have running smart or autopilot and it fails to detect a virus, VS is exploited and finally by a method that VS doesn't protect from.
 
  • Like
Reactions: Bogdan Duman, DardiM, Logethica and 5 others
L

LukeNukesEm

Level 5
Thread author
Verified
Sep 14, 2016
204
_CyberGhosT_ said:
Luke, were a security themed site, this is a question for a very dif type of site, please don't pursue
this here. I could be wrong though, If I am a mod can delete this reply.
Click to expand...
I was asking this to use whatever methods I can learn from how they would get passed voodoo shield. For example I now know to be more aware of what apps I allow with voodoo shield.

SHvFl said:
First the easier method is the user allowing something bad. Then we have running smart or autopilot and it fails to detect a virus, VS is exploited and finally by a method that VS doesn't protect from.
Click to expand...
So if I were very aware of what I allow, voodoo shield practically makes me near bullet-proof?
 
Last edited by a moderator:
  • Like
Reactions: Bogdan Duman, DardiM, Logethica and 2 others
_CyberGhosT_

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
LukeNukesEm said:
I was asking this to use whatever methods I can learn from how they would get passed voodoo shield
Click to expand...
Still poorly worded but VS is very secure, it is you who would be more likely to let something through than for VS to fail you Like Huracan points out.
Still even if a user here knew how to bypass VS, I assure you it would not be posted here.
 
  • Like
Reactions: DardiM, Deleted member 2913, Andytay70 and 4 others
_CyberGhosT_

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
ExoGen CyberSecurity said:
I would use a safe file to trick the user of installing the malware, once you allow something there is no other way of checking the file. So there you go. If you use it with BitDefender Free or other product that has IDS/BB it's a little harder.

In conclusion, I exploit the user and the confusing alerts :)
Click to expand...
Not even close, Voodoo AI would most likely catch the payload, have you ever used VS before ?
 
  • Like
Reactions: Deleted member 2913, Ana_Filiz and askmark
ExoGen CyberSecurity

ExoGen CyberSecurity

Level 3
Verified
Well-known
Sep 17, 2016
113
_CyberGhosT_ said:
Not even close, Voodoo AI would most likely catch the payload, have you ever used VS before ?
Click to expand...

Yes and Yes, like I said before you exploit the confusing alerts :) It's like any other security product (you don't even know what you install or what you allow).

Once you allow something, that is a bypass.
 
  • Like
Reactions: Logethica
_CyberGhosT_

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
ExoGen CyberSecurity said:
Yes and Yes, like I said before you exploit the confusing alerts :) It's like any other security product.

Once you allow something, that is a bypass.
Click to expand...
The file approach would be more likely than not to fail, and you should know that if your familiar with VS.
now were back to "User Error" ;)
 
Last edited:
  • Like
Reactions: Deleted member 2913 and askmark
ExoGen CyberSecurity

ExoGen CyberSecurity

Level 3
Verified
Well-known
Sep 17, 2016
113
I don't know why you keep saying that I don't know how it works or that I'm not familiar with VoodooShield. Just because I said my point of view and you don't agree doesn't mean that I don't understand how it works or that I'm wrong :)

I'm using Comodo with the best settings you can have and you can still bypass it :)

The OP wanted to know some points of view and we gave him, it's not about how good this product is and how nothing can bypass it.
 
  • Like
Reactions: Logethica and Ana_Filiz
_CyberGhosT_

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
ExoGen CyberSecurity said:
I don't know why you keep saying that I don't know how it works or that I'm not familiar with VoodooShield. Just because I said my point of view and you don't agree doesn't mean that I don't understand how it works or that I'm wrong :)

I'm using Comodo with the best settings you can have and you can still bypass it :)

The OP wanted to know some points of view and we gave him, it's not about how good this product is and how nothing can bypass it.
Click to expand...
I will comment no further, but what I clearly stated is that "if your truly familiar" with VS then you should be aware that hiding a payload within a safe or whitelisted file, process, or folder will mostlikely fail due to VoodooShields AI, suggesting its a viable approach to bypassing VS in and of itself speaks volumes as to your experience with VS period, I infer nothing else.
No software is 100% thats common knowledge. ;)
 
  • Like
Reactions: Deleted member 2913, Ana_Filiz, askmark and 1 other person
ExoGen CyberSecurity

ExoGen CyberSecurity

Level 3
Verified
Well-known
Sep 17, 2016
113
_CyberGhosT_ said:
I will comment no further, but what I clearly stated is that "if your truly familiar" with VS then you should be aware that hiding a payload within a safe or whitelisted file, process, or folder will mostlikely fail due to VoodooShields AI, suggesting its a viable approach to bypassing VS in and of itself speaks volumes as to your experience with VS period, I infer nothing else.
No software is 100% thats common knowledge. ;)
Click to expand...

This is the same with any security product, the human factor is the most important because he/she must know what to allow or what to block, it's the same with firewalls and the list goes on. That's why you should always have a second opinion scanner if you use some type of Default Deny, HIPS and so on.

Also, that's why I never recommend a security product to anyone.
 
  • Like
Reactions: Logethica and Ana_Filiz
askmark

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
hjlbx said:
Browser exploit that abuses whitelisted Windows processes - e.g. NET Framework, msiexec, etc - and \ or use memory exploits.
Click to expand...
My understanding from what Dan has said on the other forum is Web apps are protected and cannot run vulnerable system processes. Would that mitigate the risk of the type of exploit you are referring to?
 
  • Like
Reactions: Logethica, Deleted member 2913 and _CyberGhosT_
ExoGen CyberSecurity

ExoGen CyberSecurity

Level 3
Verified
Well-known
Sep 17, 2016
113
VoodooShield can't be bypassed by Browser attacks, from what I tested you can bypass VoodooShield if you do it yourself (I tested in Auto-Pilot), what I'm saying is if you click on the alert and allow it. There is a high chance that you can bypass it with sponsored type attacks or some type of gov attack (targeted for VoodooShield).
 
  • Like
Reactions: Logethica and Ana_Filiz
_CyberGhosT_

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
askmark said:
My understanding from what Dan has said on the other forum is Web apps are protected and cannot run vulnerable system processes. Would that mitigate the risk of the type of exploit you are referring to?
Click to expand...
Very astute Mark and correct, the way he suggested to foil VS was misinformation and as a self proclaimed "advanced user"
this surprised me is all. Oh well I'm past it now.
Great post Mark :)
 
  • Like
Reactions: Deleted member 2913 and askmark
askmark

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
_CyberGhosT_ said:
Very astute Mark and correct, the way he suggested to foil VS was misinformation and as a self proclaimed "advanced user"
this surprised me is all. Oh well I'm past it now.
Great post Mark :)
Click to expand...
Thank you. Well, we can't have people who might read this thread think VS isn't a credible security layer to have on your PC. That would be an injustice.
 
  • Like
Reactions: Logethica, Deleted member 2913, Ana_Filiz and 1 other person
ZeroDay

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
ExoGen CyberSecurity said:
I would use a safe file to trick the user of installing the malware, once you allow something there is no other way of checking the file. So there you go. If you use it with BitDefender Free or other product that has IDS/BB it's a little harder.

In conclusion, I exploit the user and the confusing alerts :)
Click to expand...
Can you provide a video demonstration? I'd be interested and it would help the Dev's too
 
  • Like
Reactions: Logethica, Deleted member 2913, Ana_Filiz and 3 others
You must log in or register to reply here.

Similar threads

cartaphilus
    • Like
Question What good is Voodoo shield?
Replies
6
Views
1,145
VoodooShield
ForgottenSeer 100397
F
C
Advice Request VoodooShield and Windows Powershell
Replies
10
Views
744
VoodooShield
simmerskool
simmerskool
cartaphilus
    • Like
Battle Got a New Laptop that is forced to run win10 - how should I harden it w/o affecting performance?
Replies
8
Views
948
Software Comparison
cartaphilus
cartaphilus

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top