Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Other security for Windows, Mac, Linux
NoVirusThanks OSArmor
Message
<blockquote data-quote="Andy Ful" data-source="post: 853158" data-attributes="member: 32260"><p>"This test <span style="color: rgb(184, 49, 47)"><strong>allocates a piece of non-executable memory on the heap and copies shellcode</strong></span> <span style="color: rgb(0, 168, 133)"><strong>to start calc.exe</strong></span></p><p>to this memory. <span style="color: rgb(184, 49, 47)"><strong>Then it jumps to that shellcode</strong></span>. This will trigger a DEP exception which, in case of</p><p>HitmanPro.Alert, will be intercepted."</p><p>Like several methods in this test, it is constructed from two parts: <span style="color: rgb(184, 49, 47)"><strong>Exploiting method </strong></span><strong>+</strong><span style="color: rgb(0, 168, 133)"> <strong>executing the payload</strong></span></p><p></p><p>HitmanPro will detect and block the <span style="color: rgb(184, 49, 47)"><strong>exploiting method</strong></span> - this is what anti-exploit should do.</p><p>OSA will block the <span style="color: rgb(0, 168, 133)"><strong>payload execution</strong></span>, as post-exploitation (post-infection) prevention.</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 853158, member: 32260"] "This test [COLOR=rgb(184, 49, 47)][B]allocates a piece of non-executable memory on the heap and copies shellcode[/B][/COLOR] [COLOR=rgb(0, 168, 133)][B]to start calc.exe[/B][/COLOR] to this memory. [COLOR=rgb(184, 49, 47)][B]Then it jumps to that shellcode[/B][/COLOR]. This will trigger a DEP exception which, in case of HitmanPro.Alert, will be intercepted." Like several methods in this test, it is constructed from two parts: [COLOR=rgb(184, 49, 47)][B]Exploiting method [/B][/COLOR][B]+[/B][COLOR=rgb(0, 168, 133)] [B]executing the payload[/B][/COLOR] HitmanPro will detect and block the [COLOR=rgb(184, 49, 47)][B]exploiting method[/B][/COLOR] - this is what anti-exploit should do. OSA will block the [COLOR=rgb(0, 168, 133)][B]payload execution[/B][/COLOR], as post-exploitation (post-infection) prevention. [/QUOTE]
Insert quotes…
Verification
Post reply
Top