Top
Search n00bz.net
  • South Florida Security Resources
    • HackMiami.org
      HackMiami is made up of information security professionals, hardware engineers, network administrators, students, and those who simply enjoy technology.
    • South Florida ISSA
      The Information Systems Security Association is, "the pre-eminent trusted global information security community".
  • PenTest Solutions
    • Rapid7 Metasploit Express
      Metasploit Express is an affordable, easy-to-use penetration testing solution that provides full network penetration testing capabilities, backed by the world’s largest, fully tested and integrated public database of exploits.
    • Core Impact PRO
      Core Impact is designed to evaluate the whole of the security in an office ecosystem. It allows the user to probe for and exploit security vulnerabilities in computer networks, endpoints and web applications.

Entries in Exploit (1)

Monday
Oct182010

AntiVirus Vulnerability- Detection after Execution

DateMonday, October 18, 2010 at 1:43PM

http://www.n00bz.net/antivirus-cve/

Presented at HackerHalted... This proof of concepts walks through a method of attack that AV products detect only after a known malicious payload is executed.  It is one attack that happens to work against multiple vendors; and it's not a Windows problem, it's that each vendor product allows the execution of a program before detecting the malware, by leveraging an unusual behavior of Help and Support Center through the hcp:// protocol handler.

The exploit used to trigger this behavior is CVE-2010-1885 (HelpCenter) released by Tavis Ormandy.  While this exploit is used, this is NOT a rehash of the Microsoft Helpcenter Exploit.  The purpose of this write up is to walk though the discovery and document the method used to effectively bypass AntiVirus and execute a malicious payload on a victims machine.

Authorn00bz Network | CommentPost a Comment |
tagged , , in , , , ,