- Sep 2, 2021
- 2,309
I like your idea
But I can scan the entire vm with MD but I can also infect it and see if it knows how to fix it, right?
On the other hand, I'm going to have to find some malware not known to VirusTotal
Make your video test requests!
- Thread starter Shadowra
- Start date
But I can scan the entire vm with MD but I can also infect it and see if it knows how to fix it, right?
On the other hand, I'm going to have to find some malware not known to VirusTotal
- Feb 28, 2023
- 128
Completely unknown sample? For simulating targeted attacks?I like your idea
But I can scan the entire vm with MD but I can also infect it and see if it knows how to fix it, right?
On the other hand, I'm going to have to find some malware not known to VirusTotal
You can do it yourself, although CobaltStrike is expensive, but there are many free alternatives.
MetaSploit+Venom/NimLoader, PoshC2, Sliver, Nimbo-C2, Empire are all free.
Most of the IDC I have contacted have a positive and supportive attitude towards this attack simulation test, so as long as you contact the IDC/VPS supplier in advance, they will not oppose you to do so, and if you accidentally leak the sample to the Internet, they will help you block some abuse complaints that are not clear.
I often help people remove malware, maybe you could do some tests where you infect the machine with malware and then enable protection. It would be fun to see who is good at disinfecting a machine. I suppose AVs that have rollback would do better?I like your idea
But I can scan the entire vm with MD but I can also infect it and see if it knows how to fix it, right?
On the other hand, I'm going to have to find some malware not known to VirusTotal
- Sep 2, 2021
- 2,309
Practical Response
Level 7
- Mar 10, 2024
- 339
1. The point is to use good habits and see how it fairs, not can one mess s machine up and see it it fixes itself.I like your idea
But I can scan the entire vm with MD but I can also infect it and see if it knows how to fix it, right?
On the other hand, I'm going to have to find some malware not known to VirusTotal
2. That's the same as having to hand pick malware that will bypass any product you test and see if it fails.
Thank you for making my point.
- Mar 2, 2023
- 794
Good point, as if a person hypothetically let themselves get to that point, what irreversible damage (or stolen data) may have occurred that would require a complete Windows reinstall/reset that an AV couldn't repair?
Maybe continue testing for prevention. Let alone what was mentioned a day or two ago about testing combinations of AVs and other security apps could keep Shadowra busy for years with the possible 425 different combinations
Practical Response
Level 7
- Mar 10, 2024
- 339
Rather the point being if a person "intentionally" messes up their machine to see if it repairs itself.Good point, as if a person hypothetically let themselves get to that point, what irreversible damage (or stolen data) may have occurred that would require a complete Windows reinstall/reset that an AV couldn't repair?
Maybe continue testing for prevention. Let alone what was mentioned a day or two ago about testing combinations of AVs and other security apps could keep Shadowra busy for years with the possible 425 different combinations
With admin privileges and malicious intentions a user could give their OS and just about any product a bad day.
I just want to see a test of a machine where the user has good habits, uploads all unknown and known downloads and urls to VT when unsure, how they would fair.
Not a set for failure video, hand picking it's doom. A legit in the wild not POC or handpicked, good habit video.
Any chance of doing an updated Norton review? I would be curious to see how Sonar Behavioral protection works these days. It would be interesting to see if any benefits from their acquisitions of Avira and Avast are flowing through to their Norton Antivirus product
- Dec 10, 2022
- 264
I second that norton should be tested as it appears no one has tested them recently.
- Sep 2, 2021
- 2,309
- Nov 10, 2022
- 28
- Nov 9, 2022
- 284
Nothing new, still the same as before, Norton is very solid and recommendable.
- Sep 2, 2021
- 2,309
I've just shot 2 videos tonight and 2 more are on the way!
I remind you that if I ever forget your request (which can happen, I'm still human), don't hesitate to remind me, I'll do my best
I remind you that if I ever forget your request (which can happen, I'm still human), don't hesitate to remind me, I'll do my best
Some nice improvements to Sentinelone, maybe you can test it again in the future.
ibb.co
Screenshot-30-3-2024-172857-euce1-110-nfr-sentinelone-net hosted at ImgBB
Image Screenshot-30-3-2024-172857-euce1-110-nfr-sentinelone-net hosted in ImgBB
ibb.co
Attachments
- Sep 2, 2021
- 2,309
Some nice improvements to Sentinelone, maybe you can test it again in the future.
Screenshot-30-3-2024-172857-euce1-110-nfr-sentinelone-net hosted at ImgBB
Image Screenshot-30-3-2024-172857-euce1-110-nfr-sentinelone-net hosted in ImgBB
Go @ShenguiTurmi ? (Since you're the one managing the AV company
)
Practical Response
Level 7
- Mar 10, 2024
- 339
How about a good habit vs security test.
I will link a video below I recently posted for a how to extract the proof you would need.
Grab a copy of wireshark and place it in your test machine. Grab some "rats" or aka "infostealers" to test against for the desktop folder. Create fake credentials through out the test system in the browser, notepad ect. This time instead of static testing, make this a dynamic test only. Start wireshark before you start the test thus creating a pcap "packet capture" of the entire test. Execute each sample, giving some space "time intervals" in between each one, to see if the product not only stops the infection, but at the end, you will be able to use the pcap from wireshark to see if the product actually stopped it in time before information was leaked, thus saving the user from themselves since most of these are done via phishing emails. Knowledge, common sense and good habits vs security, video to see which would spare a user his/her credentials.
Post in thread 'What are you Browsing Now?' What are you Browsing Now?
I will link a video below I recently posted for a how to extract the proof you would need.
Grab a copy of wireshark and place it in your test machine. Grab some "rats" or aka "infostealers" to test against for the desktop folder. Create fake credentials through out the test system in the browser, notepad ect. This time instead of static testing, make this a dynamic test only. Start wireshark before you start the test thus creating a pcap "packet capture" of the entire test. Execute each sample, giving some space "time intervals" in between each one, to see if the product not only stops the infection, but at the end, you will be able to use the pcap from wireshark to see if the product actually stopped it in time before information was leaked, thus saving the user from themselves since most of these are done via phishing emails. Knowledge, common sense and good habits vs security, video to see which would spare a user his/her credentials.
Post in thread 'What are you Browsing Now?' What are you Browsing Now?
Last edited:
- Sep 2, 2021
- 2,309
Hello
Here are the 3 tests I'll be publishing at the beginning of next week (it's starting to get nice in my house, so I'm resting a bit ^^ )
I'll get back to you as soon as these 3 videos are out. Note that I updated my recording software, the image will be better
Enjoy!
Here are the 3 tests I'll be publishing at the beginning of next week (it's starting to get nice in my house, so I'm resting a bit ^^ )
I'll get back to you as soon as these 3 videos are out. Note that I updated my recording software, the image will be better
Enjoy!
LoneWolf...
Level 1
- Feb 26, 2023
- 2
- Dec 10, 2022
- 264
Updated test with AVG internet security its actually very good on Stealer malware where other Av's fail. I usually set the AV's sensitivity to high for detections.
Similar threads
