Penetration Testing mailing list archives
dumping hashes on box w/ Norton AV
From: Neil <neil () horizontheory com>
Date: Thu, 10 May 2007 18:03:57 -0400
When I tried to run fgdump against a DC with Norton AV Enterprise running on it, Norton AV was able to block & flag it. At the time, it wasn't a big deal (well, it was a good thing, since that meant the server was that much more secure); but now I'm a bit interested in what methods could be used to get around these sorts of mechanisms. How do you slip your tools past the AV when it flags and deletes them on the spot?
-- Neil.
Current thread:
- dumping hashes on box w/ Norton AV Neil (May 10)
- Re: dumping hashes on box w/ Norton AV H D Moore (May 10)
- RE: dumping hashes on box w/ Norton AV George M. Garner Jr. (May 11)
- Re: dumping hashes on box w/ Norton AV Teh Fizzgig (May 11)
- Re: dumping hashes on box w/ Norton AV Danett song (May 11)
- Re: dumping hashes on box w/ Norton AV Peter Wood (May 11)
- <Possible follow-ups>
- Re: dumping hashes on box w/ Norton AV Bill Stout (May 11)
- Re: dumping hashes on box w/ Norton AV H D Moore (May 10)