Which security programs can detect and stop Metasploit's meterpreter shell?
<blockquote data-quote="Andy Ful" data-source="post: 1058695" data-attributes="member: 32260"><p>That is true for pentesters but not for Blue Teams or Red Teams. WDAC and hardening cannot stop skillful teams.</p><p></p><p></p><p></p><p>I can. For example, by disabling macros in documents, I can prevent any malware that would be downloaded and executed by this macro.</p><p>WDAC restrictions for scripts can prevent much malware that could be downloaded and executed.</p><p>Of course, if the malware was not downloaded it could not be detected.</p><p></p><p></p><p></p><p>Mostly yes, but we also have attacks via exploits. Metasploit can be used in such attacks. It is probable that the author of this thread is in such a situation.</p><p></p><p>Edit.</p><p>I am not sure if our discussion is still on topic and interesting for the readers. Although I like to use/test WDAC and hardening, most users will never touch such solutions.</p><p>Anyway, if the author is ready then it would be interesting to see if your tight hardening could stop his Red Team.</p></blockquote><p></p>