Serious Discussion Sophisticated hacker bypasses powerful antivirus, how?

Rov123

Level 1
Thread author
Nov 23, 2024
30
If a hacker manages to bypass powerful modern antivirus solutions, such as Kaspersky, and even EDR solutions, what do you think is happening and how is it happening?
Infiltrates the network > infects connected devices with spyware, RATs, and other malware, bypassing the router's firewall, Windows PC antivirus + firewall + EDR, and other security measures, and stays completely hidden and undetected. Also infects other OSes, such as macOS, iOS, and Linux (Ubuntu), each of which is completely different code and a system of its own.

How hard is it to do this? Does anyone know? From the hacker's POV, you are essentially up against a team of skilled cybersecurity engineers that created those AV solutions, EDR solutions, operating system, firewall, router, etc. And you're able to bypass them all.
 
  • Like
Reactions: Khushal

Bot

AI-powered Bot
Apr 21, 2016
4,749
Bypassing such advanced security measures requires a high level of expertise and understanding of system vulnerabilities. Hackers may utilize zero-day exploits, social engineering, or advanced persistent threats (APTs). It's a complex process involving constant learning and adaptation to overcome the continuous updates and improvements made by cybersecurity teams. Remember, it's an ongoing battle between hackers and cybersecurity professionals.
 

bazang

Level 11
Jul 3, 2024
505
If a hacker manages to bypass powerful modern antivirus solutions, such as Kaspersky, and even EDR solutions, what do you think is happening and how is it happening?
Infiltrates the network > infects connected devices with spyware, RATs, and other malware, bypassing the router's firewall, Windows PC antivirus + firewall + EDR, and other security measures, and stays completely hidden and undetected. Also infects other OSes, such as macOS, iOS, and Linux (Ubuntu), each of which is completely different code and a system of its own.

How hard is it to do this? Does anyone know? From the hacker's POV, you are essentially up against a team of skilled cybersecurity engineers that created those AV solutions, EDR solutions, operating system, firewall, router, etc. And you're able to bypass them all.
All of this could have been answered online with a 10-second Google search:

Breaching a network can be difficult, but it is not impossible. Without proper network monitoring, it is difficult to detect a security breach until it's too late. Many organizations fail to monitor their networks for suspicious activity or fail to log security events adequately. 91% of cyberattacks start with a successful phishing email, and attackers typically employ this tactic to identify gullible victims or steal credentials. 99% of firewall breaches would be caused by increased network complexity. The most effective way to identify breaches early is to use tools that are constantly scanning the network for discrepancies, anomalies and suspicious behavior.

The defensive side is almost ALWAYS weaker than the offensive side.

You are over-estimating the skills of the "team of skilled cybersecurity engineers that created those AV solutions, EDR solutions, operating system, firewall, router, etc." That ecosystem is rife with security holes and, therefore, hackers succeed with every single tick of the second hand on a clock. Why is that? The answer is people. The users, administrators, and company executives & owners themselves.

AV development teams are typically not all that great. Most are just programmers without any real knowledge of cybersecurity. It is VERY rare to have a developer on a security software publisher's team that started out as an enterprise admin and then progressed through various security roles, and learned about a lot of security software during that journey. Developers with that kind of experience just don't exist in any meaningfully significant numbers. The same goes for other roles.

Hackers are way smarter than the cybersecurity pros. They are more determined, they have more patience, they have way more money to fund their efforts, and they can obtain whatever resources they need to accomplish their objectives. The cybersecurity defense side has no chance. It never has and it never will without 100% absolute brutal default-deny and zero trust implementations, continuous monitoring, and oversight. That requires a small army even in a 20-person company.
 

TairikuOkami

Level 38
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,726
And you're able to bypass them all.
Most software solutions are designed to stop script kiddies, not hackers. Like a router or a firewall, they merely stop some random scans, but all the traffic is allowed by default. The same goes for AV, it stops automatic malware, which works like ABC, but a hacker will just go for D, bypassing all the basic defenses. Only a hacker (admin) can stop a hacker, by monitoring the network 24/7.
 

Rov123

Level 1
Thread author
Nov 23, 2024
30
@Rov123 Are you talking about your own present situation?

As for the hackers, they don't know magic. They just install the same security products and then test and tweak their attacks.
Sort of yes, I'm trying to gauge and understand a situation better, trying to not make it seem like I'm whining too much. But yes, I am a target of a group of hackers online, whatever the reasons could be, but one of them was my fault because I ran my mouth online and gave myself attention like a dumbass. I should have kept and stayed lowkey, I wish I could have gone back in time for that, but too late now. This group of hackers, specifically one person, has been tormenting me for many years now, some sort of sick obsession; the person uses their hacking leverage to induce harassment which really destroyed my mental health. All my personal, private and sensitive information, the person used all of it and spread it around for not only their group/accomplices/friends but random strangers they befriended online to see through social engineering, and created a profile of me online and now I am sort of infamous or whatever you name it, a mini celebrity to a small group of these people that I do not even know at all.
I used to not believe in these things, and thought that it was only for the mentally ill, but until you experience it yourself, you would never have guessed it exists. The world is filled with all kinds of freaks and psychos; you think these would only exist in movies or stories, but you gotta ask where or who inspired those stories? It does not come from nowhere.
I am not entirely mentally healthy myself, I do have conditions like ADHD, depression and anxiety, and other issues, making me a very easy target. If I was more stable, maybe I could have accumulated money and defended myself, gathered resources, learned about hacking and defended myself, but I genuinely have zero interest in any of those things, and their cyberstalking and harassment made it 10x worse. I am also a loner and have zero interest in friendships, so it makes me very defenseless without any support group. Situation really sucks.
Most software solutions are designed to stop script kiddies, not hackers. Like a router or a firewall, they merely stop some random scans, but all the traffic is allowed by default. The same goes for AV, it stops automatic malware, which works like ABC, but a hacker will just go for D, bypassing all the basic defenses. Only a hacker (admin) can stop a hacker, by monitoring the network 24/7.
"Only a hacker (admin) can stop a hacker, by monitoring the network 24/7." So what the ##### can the average user even do in the case that they have become a target? A smart victim would probably learn how to hack and defend themselves or do whatever else, but unfortunately I just want to enjoy my life online in private and anonymously, I just have no motivation to deal with this crap anymore. I've tried a lot of the standard stuff, no luck.

If anyone is willing to help me out, I would gladly pay you money$$.
 

Rov123

Level 1
Thread author
Nov 23, 2024
30
You say you have tried Ubuntu. Install it again if you have erased it, and follow instructions here: Fortified Ubuntu: hardening Ubuntu 24 Desktop . See what happens.
I tried Ubuntu in dual boot mode with Windows, I haven't tried Ubuntu alone for my PC. So I thought maybe the Windows partition is somehow infecting the Ubuntu Linux partition, but even doing that requires a lot of sophistication, no? I also remember that when I entered Ubuntu, the Windows partition was not mounted and also had BitLocker enabled since I used Windows 11 Pro; it makes no sense to me how the virus or whatever it is can transfer over.

But yes, I could try Ubuntu alone without any other OS beside it. I use Windows because I'm familiar with it and there's a game that only runs on Windows which I regularly play.
 
  • Like
Reactions: Victor M

RoboMan

Level 36
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,501
If you really are a target of "sophisticated hackers" that want to share your personal information as you said, you should re-evaluate your online life.

To start with, delete all your social network accounts and create fresh ones. For these, do not befriend anyone but people you explicitly know (and know for sure it's them). Then set all these accounts to "private" mode. Restrict your Facebook profile. Make sure no information you post is public, and do not include personal information in your profiles (this includes phone numbers, addresses, cities, relationships).

Second, install a privacy-oriented OS like Tails. Otherwise, any Linux distro will be safer than Windows. If you don't want to use Linux, then stay with Windows, but do a clean install and immediately install a robust antivirus. Use one that includes an Application Control module (like Kaspersky) or install third-party software that offers anti-executable capabilities. Using white-list based security software instead of a black-list (first gen antivirus) is very important. If your first line of defense is trusting an antivirus judgment on whether a file is safe or not, you're gonna become infected again. VoodooShield is a good example of an anti-executable.

Once you've covered these points, and you're sure you are malware-free and protected against malware (with anti-execution/application control modules, and a robust antivirus with a firewall), then proceed to change all passwords and add 2FA to all your accounts. This is to lock out these "hackers" from your accounts.

After all these steps, all you need is to surf the web safely and learn the cybersecurity 101s to not become infected.
 

Rov123

Level 1
Thread author
Nov 23, 2024
30
If you really are a target of "sophisticated hackers" that want to share your personal information as you said, you should re-evaluate your online life.

To start with, delete all your social network accounts and create fresh ones. For these, do not befriend anyone but people you explicitly know (and know for sure it's them). Then set all these accounts to "private" mode. Restrict your Facebook profile. Make sure no information you post is public, and do not include personal information in your profiles (this includes phone numbers, addresses, cities, relationships).

Second, install a privacy-oriented OS like Tails. Otherwise, any Linux distro will be safer than Windows. If you don't want to use Linux, then stay with Windows, but do a clean install and immediately install a robust antivirus. Use one that includes an Application Control module (like Kaspersky) or install third-party software that offers anti-executable capabilities. Using white-list based security software instead of a black-list (first gen antivirus) is very important. If your first line of defense is trusting an antivirus judgment on whether a file is safe or not, you're gonna become infected again. VoodooShield is a good example of an anti-executable.

Once you've covered these points, and you're sure you are malware-free and protected against malware (with anti-execution/application control modules, and a robust antivirus with a firewall), then proceed to change all passwords and add 2FA to all your accounts. This is to lock out these "hackers" from your accounts.

After all these steps, all you need is to surf the web safely and learn the cybersecurity 101s to not become infected.
Hello, thanks for the reply, really great stuff. I do have one problem though and that is my network is suspected to be infected, so any device connected is prone to being infiltrated. I do not own my network/modem/router, it is my landlord's and it is for free to use as I pay my rent. Is there anything that can be done about this or am I doomed until I get a new network? Or does it not matter at all if I have a robust OS and security measures?
Prevention is possible although it takes a lot of work and skill. Everything is "theoretically" hackable but you can make it soooo hard to the point where it's only a theory. I've done it and continue to do so.
Advice please for Windows?
 

simmerskool

Level 40
Verified
Top Poster
Well-known
Apr 16, 2017
2,919
Hello, thanks for the reply, really great stuff. I do have one problem though and that is my network is suspected to be infected, so any device connected is prone to being infiltrated. I do not own my network/modem/router, it is my landlord's and it is for free to use as I pay my rent. Is there anything that can be done about this or am I doomed until I get a new network? Or does it not matter at all if I have a robust OS and security measures?

Advice please for Windows?
Most likely the modem comes with the apartment but is owned by the ISP, not by your landlord. Check with your ISP. You could buy your own compliant modem, and you could buy a router; do some research on routers, some are better than others. Plus follow what @RoboMan said. If I was in your residence situation, I would not trust the router and I would buy a new secure router.
EDIT: and immediately input a secure password on the new router.
 

RoboMan

Level 36
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,501
Hello, thanks for the reply, really great stuff. I do have one problem though and that is my network is suspected to be infected, so any device connected is prone to being infiltrated. I do not own my network/modem/router, it is my landlord's and it is for free to use as I pay my rent. Is there anything that can be done about this or am I doomed until I get a new network? Or does it not matter at all if I have a robust OS and security measures?

Advice please for Windows?
As mentioned by @simmerskool buy your own router. Create a bridge connection and secure your ports.

EDIT: I'm sorry, don't bridge it. Let the router manage the internal IP addresses for your devices.
 
  • +Reputation
Reactions: simmerskool

Victor M

Level 15
Verified
Top Poster
Well-known
Oct 3, 2022
741
I asked ChatGPT for secure routers capable of using Wi-Fi as the WAN source. And it gave me:
GL.iNet Beryl AX (GL-MT3000),
MikroTik hAP AX² or hAP AC
pfSense or OPNsense (with a WiFi Bridge)
Pepwave Surf SOHO ( more expensive USD$299 )

I briefly looked these up and they are not expensive except for the Pepwave, and they can take Wi-Fi as the incoming signal. If your landlord is willing to let you string an Ethernet cable from his modem to your room, then you have more choices. The pfSense software is free if you have an older desktop and add an extra NIC (or a laptop with built-in Ethernet and add a USB Ethernet dongle).

The whitelist VoodooShield Cyberlock product is solid security, follow RoboMan's advice and do NOT skip re-installing Windows if you wish to use Windows. In order to prevent boot sector malware from hanging around, I always wipe the drive first before installing Windows. A good free one is Parted Magic, their product is commercial, but you can download non-current versions for free.

The app control that RoboMan talked about (I think we are talking about the same thing) is a built-in Windows security feature also called WDAC, so you can configure it using PowerShell if you wade through the MS documentation. Former MT member spynetgirl has written an app called AppControl Manager. It is menu-driven PowerShell and easy to use. Basically you are building a list of software that you use and blocking anything foreign. An optional feature of WDAC is the MS Intelligent Security Graph, which is a reputation-driven security measure. I would think MS knows what is reputable because of telemetry.

Every layer of security is useful, so do not discount installing your own router firewall. Hackers have different skills and skill levels. If one layer doesn't stop him, then another layer will.
 
  • Like
Reactions: simmerskool
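To make the WDAC workflow Victor M describes concrete, here is an audit-first allow-list build as an added example; it is not code from this thread, from Microsoft's documentation, or from the AppControl Manager project he mentions. It assumes an elevated PowerShell session on a freshly installed Windows 10/11 machine with the built-in ConfigCI module, a hypothetical working folder C:\WDAC, and citool.exe for deployment (present on Windows 11 22H2 and later); the rule-option numbers (3 = Enabled:Audit Mode, 14 = Enabled:Intelligent Security Graph Authorization) are the documented WDAC ones.

```powershell
# Added example: build a WDAC allow-list from a clean reference install, run it
# in audit mode first, review what it would have blocked, then enforce it.
# Assumptions (not from the thread): working folder C:\WDAC, citool.exe present,
# elevated PowerShell on a machine that was just clean-installed.

$WorkDir   = 'C:\WDAC'                                   # hypothetical folder
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
$PolicyXml = Join-Path $WorkDir 'AllowList.xml'

# 1. Scan the clean install and allow what is already there. Publisher-level
#    rules keep working after updates from the same signer; unsigned binaries
#    fall back to per-file hashes. -UserPEs includes user-mode executables.
New-CIPolicy -FilePath $PolicyXml `
             -Level Publisher -Fallback Hash `
             -ScanPath 'C:\' -UserPEs `
             -MultiplePolicyFormat

# 2. Start in audit mode (rule option 3): nothing is blocked, only logged.
Set-RuleOption -FilePath $PolicyXml -Option 3
# Optional: let the Intelligent Security Graph vouch for reputable software
# (rule option 14), the reputation feature mentioned above.
# Set-RuleOption -FilePath $PolicyXml -Option 14

# 3. Give the policy its own ID. The binary policy must be named after that
#    GUID. The cmdlet prints "PolicyID = {GUID}", hence the Substring(11).
$PolicyId  = (Set-CIPolicyIdInfo -FilePath $PolicyXml -ResetPolicyID).Substring(11)
$PolicyBin = Join-Path $WorkDir "$PolicyId.cip"
ConvertFrom-CIPolicy -XmlFilePath $PolicyXml -BinaryFilePath $PolicyBin

# 4. Deploy. On builds without citool.exe, copy the .cip into
#    C:\Windows\System32\CodeIntegrity\CiPolicies\Active\ and reboot instead.
& citool.exe --update-policy $PolicyBin

# 5. Use the machine normally for a few days, then list what audit mode would
#    have blocked. Event ID 3076 is the audit-mode "would block" record in the
#    Code Integrity operational log.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-CodeIntegrity/Operational'
    Id      = 3076
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-List

# 6. Once every 3076 entry is software you actually use (add rules for it by
#    merging a second scan with Merge-CIPolicy), remove audit mode so anything
#    not on the list is blocked for real (event ID 3077 from then on).
# Set-RuleOption -FilePath $PolicyXml -Option 3 -Delete
# ConvertFrom-CIPolicy -XmlFilePath $PolicyXml -BinaryFilePath $PolicyBin
# & citool.exe --update-policy $PolicyBin
```

The point of the audit pass is the same one the whitelist discussion above makes: a deny-by-default policy is only usable if the list of allowed software is built from a machine you trust, and the 3076 events tell you what the list is still missing before you switch to enforcement.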

bazang

Level 11
Jul 3, 2024
505
I do have one problem though and that is my network is suspected to be infected, so any device connected is prone to being infiltrated. I do not own my network/modem/router, it is my landlord's and it is for free to use as I pay my rent.
So you are connecting to a "Guest" network or the landlord is giving everyone the network connection credentials?

I am going to guess that your landlord is a family member - probably your parents or a sibling. Either that or it is a room rental.

If it is the second case then the network connection credentials have been on the dark web for a long time. The network is fully compromised and nothing you add (e.g. router) will make much of a difference because downstream from a router that you add is a fully compromised network.

Adding your own router will not do a thing to improve the security. The only way to achieve better security is to not connect to the network. With the network security as it is, the attackers do not need to be sophisticated. Antivirus is not going to prevent the attacks.

Use your mobile phone cellular as a hot spot and stop connecting to the landlord network. Better yet, move somewhere else where you have your own network.
 

simmerskool

Level 40
Verified
Top Poster
Well-known
Apr 16, 2017
2,919
So you are connecting to a "Guest" network or the landlord is giving everyone the network connection credentials?

I am going to guess that your landlord is a family member - probably your parents or a sibling. Either that or it is a room rental.

If it is the second case then the network connection credentials have been on the dark web for a long time. The network is fully compromised and nothing you add (e.g. router) will make much of a difference because downstream from a router that you add is a fully compromised network.

Adding your own router will not do a thing to improve the security. The only way to achieve better security is to not connect to the network. With the network security as it is, the attackers do not need to be sophisticated. Antivirus is not going to prevent the attacks.

Use your mobile phone cellular as a hot spot and stop connecting to the landlord network. Better yet, move somewhere else where you have your own network.
Maybe I'm missing something...?? An ISP is coming into the building where Rov123 is renting. He has free access to his landlord's internet connection but complains the landlord's network is infected, correct? (or has his landlord's backdoor). So contact the ISP, run a cable from the ISP into your apartment, connect it to your own modem and your own router and your network is (should be) clean. Whining about stuff you get for free is lame imo. Even if your landlord's network was not infected, he would still potentially have a backdoor into your computer if I am understanding your current "free" setup -- why trust your landlord with anything related to your internet connection?
 

bazang

Level 11
Jul 3, 2024
505
Maybe I'm missing something...?? An ISP is coming into the building where Rov123 is renting. He has free access to his landlord's internet connection but complains the landlord's network is infected, correct? (or has his landlord's backdoor). So contact the ISP, run a cable from the ISP into your apartment, connect it to your own modem and your own router and your network is (should be) clean. Whining about stuff you get for free is lame imo. Even if your landlord's network was not infected, he would still potentially have a backdoor into your computer if I am understanding your current "free" setup -- why trust your landlord with anything related to your internet connection?
Dependent upon where the OP lives and the lease, they might not be permitted to have their own ISP line running into their apartment or part of the residence.

The OP did not state that they live in an apartment building. They only said that they pay rent. Paying rent, while most commonly associated as a renter in an apartment with one having control of the utilities in said apartment, can be other living arrangements as well - such as still living with mommy & daddy and paying them rent and using their network. If a college student, then living with others and paying rent.

If I had to bet, I'd bet that OP is renting a room and not an apartment. From what they've said, the impression is that they cannot maintain employment and qualify for an apartment lease. OP even stated that they are not mentally stable. So that is the basis of what I stated and why I stated it.

Since these threads constantly appear on MT about being targeted by sophisticated cyberstalkers with all kinds of hackings - and all, more or less - have the same narrative, I tend to think it is all troll posting.
 
