Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Bypassing OfficeScan Trend Micro AV

from [Danux] Network Security [Permanent Link]
Subject: Bypassing OfficeScan Trend Micro AV
Date: Tue, 26 Feb 2008 01:47:10 -0600 
Hi,

As usual, i dont know if its new but i would like to share it with you....

its possible to bypass TREND MICRO OFFICE SCAN Client AV ver. 8.0.

If you edit a PE EXE File and increase its virtual and raw size, (in
my example 1000 bytes added) from its last section (in my case .idata
section), then office scan is unable to detect the malware inside the
file.


This took place after reproducing the excellent video from Mati
Aharoni (piss on your AV!!! - Shmoo 2008). But i didnt even need to
encode the malware inside the backdoor.

Cheers!!!

-- 
Danux, CISSP, OSCP, ISO27001
Offensive Security Consultant
Macula Security Consulting Group
www.macula-group.com
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Bypassing OfficeScan Trend Micro AV, Danux <=
Previous by Date:  [SECURITY] [DSA 1509-1] New koffice packages fix multiple vulnerabilities, Noah Meyerhans
Next by Date:  SandMan 1.0.080226 is out!, Matthieu Suiche
Previous by Thread:  [SECURITY] [DSA 1509-1] New koffice packages fix multiple vulnerabilities, Noah Meyerhans
Next by Thread:  SandMan 1.0.080226 is out!, Matthieu Suiche
Indexes:  [Date] [Thread] [Top] [All Lists]