Metasploit mailing list archives
Re: some ideas, roadmap cleanup, and ugly jokes..
From: Jonathan Cran <jcran () 0x0e org>
Date: Thu, 16 Sep 2010 17:03:12 -0400
4. Each AV, HIPS vendor out there has its own protection methods; there is not a one-size-fits-all approach to disable these countermeasures. You will have to install each in a lab and work a process for each one.
5. The use of Railgun will be a better approach since it does not interact with executables or write to disk, and only the DLL MACE is changed, but this MACE is already changed by IR tools when they collect their volatile data off the system.
I'll echo Carlos, I've started working on disabling several of them - Symantec, Trend, and McAfee, but found that Railgun is the proper approach to avoid both touching disk, and annoying / noisy command shell popup windows.
jcran
--
Jonathan Cran
jcran () 0x0e org
515.890.0070
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework