- Dec 26, 2019
- 287
Sampei Nihira Security Config WinXP (POS Ready2009) 2020
- Thread starter Sampei Nihira
- Start date
- Status
- Dec 26, 2019
- 287
I would like to bring this 3D to your attention:
www.wilderssecurity.com
Mimikatz in the Wild: Bypassing Signature-Based Detections Using the “AK47 of Cyber”
Mimikatz in the Wild: Bypassing Signature-Based Detections Using the “AK47 of Cyber” April 4, 2019...
www.wilderssecurity.com
Any malware can bypass signature if properly obfuscated and encrypted, make them fileless, signed and it is guaranteed to bypass.I would like to bring this 3D to your attention:
Mimikatz in the Wild: Bypassing Signature-Based Detections Using the “AK47 of Cyber”
Mimikatz in the Wild: Bypassing Signature-Based Detections Using the “AK47 of Cyber” April 4, 2019...
About Mimikatz and lsass.exe, if you use a true anti-exploit or a soft protecting lsass.exe memory space like Appguard or the Excubit tool (forgot its name), you should be ok. However this is out if reach of most anti-exe (ERP, OSA, etc...) since they don't have any in-memory process protection (preventing lsass.exe or other processes to be read or modified).
This kind of attacks is the perfect example of anti-exe limitations, they are excellent at blocking malicious parent-child processes but it stop there. You can't just rely solely on them if you want them as main security tool (you need an anti-exploit alongside, i told this since ages).
Last edited by a moderator:
- Dec 23, 2014
- 8,513
Sampei Nihira,
Did you make a comparison of PaleMoon safety to other possible web browsers like K-Meleon, Maxthon 5, or Opera (ver. 36)? All are still patched for security on Windows XP.
Did you make a comparison of PaleMoon safety to other possible web browsers like K-Meleon, Maxthon 5, or Opera (ver. 36)? All are still patched for security on Windows XP.
- Dec 26, 2019
- 287
Stay away from Maxthon especially for privacy reasons.
Roytam1 develops an XP version of K-Meleon but has inferior functionality to New Moon as you well know.
I don't know anyone who still uses Opera36 with XP.
He gave me several problems, a few years ago.
- Dec 26, 2019
- 287
The purpose of 3D on Wilders,from post 6 onwards, is prevention, as usual.
The attacker's aim is to appropriate our Lsass.dmp.
Our aim is to block the creation of this file in our pc.
Those who have read 3D have understood that there are various ways and systems to do this.
I with my Windows XP have prevented all possible methods for creating the file minus one, Process Explorer.
The method with P.E. was highlighted by me.
I do not think it is appropriate to waste time with P.E. in my OS.
If you want I can explain the reason.
Although an OS W.10 protects upstream from this type of attack, I believe that it is beneficial for Wilders and MT members to carry out some tests.
Which unfortunately only me and itman did.
Last edited:
I will tell you honestly, 90% of the discussions in security forums (especially on Wilders, where it involve just a handful of people) are more theoretical than practical.
It is like debating about the result of a meteor impact on Earth.
It is like debating about the result of a meteor impact on Earth.
Which after i quickly read, seems to involve the abuse of lsass.exe, which can be easily prevented by in-memory protection kind of software (unless i overlooked something while quickly reading)
- Dec 26, 2019
- 287
@ to All
The abuse of lsass.exe in creating the dump file with an OS W.10 is mitigated by the OS itself.
I believe in most cases, for what I recommend you check.
In an OS W.XP such abuse must be blocked in the sequence of events that can lead to the success of the attacker.
In my OS I just did this, I ran several tests.
The abuse of lsass.exe in creating the dump file with an OS W.10 is mitigated by the OS itself.
I believe in most cases, for what I recommend you check.
In an OS W.XP such abuse must be blocked in the sequence of events that can lead to the success of the attacker.
In my OS I just did this, I ran several tests.
- Dec 23, 2014
- 8,513
Yes, there were some issues in the year 2016, for example:
Chinese browser Maxthon grants admin rights to malware: researchers · TechNode
The company positioned its browser as being secure and private following the 2013 Edward Snowden scandal.
technode.com
Best Most Secure And Safest Browser in 2020 – PrivacySniffs
privacysniffs.com
The cons are the extensions made by unknown people. So, I would rather use the Adguard DNS, or another safe DNS.
- Dec 26, 2019
- 287
Yes, there were some issues in the year 2016, for example:
Honestly, I read far worse things about Google Chrome, Avast, etc. Furthermore, I could not find anything suspicious about it after the year 2016 (the company is in the US). It looks like the safest browser for Windows XP and Vista (except maybe the PaleMoon).Chinese browser Maxthon grants admin rights to malware: researchers · TechNode
The company positioned its browser as being secure and private following the 2013 Edward Snowden scandal.
Best Most Secure And Safest Browser in 2020 – PrivacySniffs
The cons are the extensions made by unknown people. So, I would rather use the Adguard DNS, or another safe DNS.
Look at this old 3D:
see my post.
Using a browser also means having functionality.
P.S. Pale Moon ranks better than Maxthon in you article.
Last edited:
- Dec 26, 2019
- 287
The Mimikatz discussion on the Wilders forum has ended.
The result for my security configuration, with one exception (P.E.), ended positively.
I hope the
@MT Security Staff
will reevaluate their assessment.
A kind of exception that confirms your rules.
With best regards.
P.S. This my pleading is very little, compared to Humphrey Bogart's final pleading in the movie:
en.wikipedia.org
The result for my security configuration, with one exception (P.E.), ended positively.
I hope the
@MT Security Staff
will reevaluate their assessment.
A kind of exception that confirms your rules.
With best regards.
P.S. This my pleading is very little, compared to Humphrey Bogart's final pleading in the movie:
Knock on Any Door - Wikipedia
Last edited:
Don't hope too much, the actual rules are less strict than the ones I enforced when I was in charge of the security config section.@MT Security Staff
will reevaluate their assessment.
A kind of exception that confirms your rules.
With best regards.
So I don't see any exceptions being made for you. The tags aren't only made to rate your config, but also to inform other members about replicating it.
Those tags aren't considering the user skills or workarounds but only the items used.
XP is vulnerable, so risky is your config.
- Dec 26, 2019
- 287
I don't hope.
The ending of the film, which I have seen, and I have brought to attention is clear.
If you ask yourself "then why?"
I will answer you, if you can find that film, see it and you will know it.
- Dec 23, 2014
- 8,513
I think that it would be much easier to protect a Vista computer.
:
2. Windows Vista (rarely used):
3. Windows 7:
- Stronger design.
- The security patches are still available (manually via Server 2008).
- This is a rarely used Windows version.
- You can use Comodo Firewall or any AV + H_C to lock/unlock the computer in a few minutes.
:2. Windows Vista (rarely used):
3. Windows 7:
Last edited:
- Jan 11, 2020
- 220
@MT Security Staff
will reevaluate their assessment.
But what are you interested in their assessment? The thing that should matter most to you is only one: you have been using your configuration for years, over time you have improved and mastered it. In all this time no virus or anything has ever gone through it. So for you (which you know how to use very well) it is more than good. That's all that matters.
Last edited:
- Jul 6, 2017
- 2,392
I remember it, and the Umbra seal of approved.
- Dec 26, 2019
- 287
I think that it would be much easier to protect a Vista computer.
1. Windows XP (for advanced swimmers only)
- Stronger design.
- The security patches are still available (manually via Server 2008).
- This is a rarely used Windows version.
- You can use Comodo Firewall or any AV + H_C to lock/unlock the computer in a few minutes.
View attachment 232414
2. Windows Vista (rarely used):
View attachment 232415
3. Windows 7:
View attachment 232416
Kon Tiki in the year 1947 crossed the Pacific to arrive Polynesia:
Kon-Tiki expedition - Wikipedia
Last edited:
- Dec 26, 2019
- 287
I think it's a matter of justice.
But if I have to be honest I don't know it well.
It is as if something is not in the right place.
I have read of Security Configurations that use W.10 which may be more at risk than mine.
- Jan 11, 2020
- 220
"Amateurs built the Ark and it was the professionals that built the Titanic"
I see. I feel the same way.
- Dec 26, 2019
- 287
I solved the Mimikatz dump lsass.exe problem with Process Explorer.
You won't believe it but the idea came to me before I fell asleep.
I entered a general blocking rule for Process Explorer.
At the same time, an exception to my Process Explorer path was added.
The mitigations in this case are so varied that any attack would be impossible.
- P.E. works only in my path.
- The latest versions of P.E. although they start in W.XP they malfunction, an attacker will hardly be able to know because the "systeminfo" command does not work in W.XP.
And even if it works in OSA there is a specific rule.
You won't believe it but the idea came to me before I fell asleep.
I entered a general blocking rule for Process Explorer.
At the same time, an exception to my Process Explorer path was added.
The mitigations in this case are so varied that any attack would be impossible.
- P.E. works only in my path.
- The latest versions of P.E. although they start in W.XP they malfunction, an attacker will hardly be able to know because the "systeminfo" command does not work in W.XP.
And even if it works in OSA there is a specific rule.
- Status
Similar threads
