收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 国外杀毒软件 【终章,基于微软评估实验室的测试】专业治疗杀软综合征
1 ...67891011121314... 16下一页
返回列表 发新帖
楼主: vaedzy
 收起左侧

[技术原创] 【终章,基于微软评估实验室的测试】专业治疗杀软综合征

  [复制链接]
a27573
发表于 2022-1-1 14:17:28 | 显示全部楼层
本帖最后由 a27573 于 2022-1-1 14:24 编辑

HitmanPro.Alert
安装后经过一次重启


由于HMPA不会被识别未杀软,故关闭MD的防护进行测试

除了凭据窃取有警报之外,都是无声无息地被过(除时间外毫无变化的图我就不传了)


(上面两个警报是重测时产生的)

警报的详细内容
  1. Mitigation   MalwareBlocked
  2. Timestamp    2021-12-31T12:00:47

  4. Platform     10.0.19043/x64 v923 06_55*
  5. PID          6688
  6. Application  C:\Windows\Temp\sb-sim-temp-c_2jyxtu\sb_167664_bs_ljxph1h9\llac.exe
  7. Created      2021-12-31T12:00:47
  8. Description  Mal/Generic-R + Troj/Mimkatz-T


  11. Process Trace
  12. 1  C:\Windows\System32\cmd.exe [6688]
  13.    C:\Windows\system32\cmd.exe /c "echo sb_167664_bs >NUL & C:\Windows\TEMP\sb-sim-temp-c_2jyxtu\sb_167664_bs_ljxph1h9\llac.exe privilege::debug sekurlsa::logonpasswords exit sb_167664_bs & exit"
  14. 2  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167664_bs_142951.exe [888]
  15.    "C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167664_bs_142951.exe" 65004 413486659185822387 sb_167664_bs
  16. 3  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  17. 4  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\service\sbsimulator_service.exe [3388]
  18. 5  C:\Windows\System32\services.exe [828]
  19. 6  C:\Windows\System32\wininit.exe [696]
  20.    wininit.exe

  22. Services
  23. 3388  SBSimulator

  25. Dropped Files
  26. 1  C:\Windows\TEMP\sb-sim-temp-c_2jyxtu\sb_167664_bs_ljxph1h9\llac.exe
  27.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167664_bs_142951.exe [888]
  28.         Read by \Device\HarddiskVolume2\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3476]
  29. 1  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167657_bs_142944.exe
  30.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  31.         Read by \Device\HarddiskVolume2\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1500]
  32.                 \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe [3312]
  33.                 \Device\HarddiskVolume2\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3476]
  34.                 \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167657_bs_142944.exe [4660]
  35. 2  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167657_bs_142944.exe.manifest
  36.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  37. 3  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\resources\sbsimulator.db-journal
  38.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  39. 4  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167658_bs_142945.exe
  40.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  41.         Read by \Device\HarddiskVolume2\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1500]
  42.                 \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe [3312]
  43.                 \Device\HarddiskVolume2\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3476]
  44.                 \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167658_bs_142945.exe [9640]
  45. 5  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167658_bs_142945.exe.manifest
  46.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  47. 6  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167659_bs_142946.exe
  48.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  49.         Read by \Device\HarddiskVolume2\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1500]
  50.                 \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe [3312]
  51.                 \Device\HarddiskVolume2\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3476]
  52.                 \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167659_bs_142946.exe [2976]
  53. 7  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167659_bs_142946.exe.manifest
  54.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  55. 8  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167660_bs_142947.exe
  56.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  57.         Read by \Device\HarddiskVolume2\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1500]
  58.                 \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe [3312]
  59.                 \Device\HarddiskVolume2\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3476]
  60.                 \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167660_bs_142947.exe [7748]
  61. 9  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167660_bs_142947.exe.manifest
  62.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  63. 10 C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167661_bs_142948.exe
  64.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  65.         Read by \Device\HarddiskVolume2\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1500]
  66.                 \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe [3312]
  67.                 \Device\HarddiskVolume2\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3476]
  68.                 \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167661_bs_142948.exe [10184]
  69. 11 C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167661_bs_142948.exe.manifest
  70.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  71. 12 C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167662_bs_142949.exe
  72.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  73.         Read by \Device\HarddiskVolume2\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1500]
  74.                 \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe [3312]
  75.                 \Device\HarddiskVolume2\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3476]
  76.                 \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167662_bs_142949.exe [8852]
  77. 13 C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167662_bs_142949.exe.manifest
  78.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  79. 14 C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167663_bs_142950.exe
  80.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  81.         Read by \Device\HarddiskVolume2\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1500]
  82.                 \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe [3312]
  83.                 \Device\HarddiskVolume2\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3476]
  84.                 \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167663_bs_142950.exe [6604]
  85. 15 C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167663_bs_142950.exe.manifest
  86.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  87. 16 C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167664_bs_142951.exe
  88.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  89.         Read by \Device\HarddiskVolume2\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1500]
  90.                 \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe [3312]
  91.                 \Device\HarddiskVolume2\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3476]
  92.                 \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167664_bs_142951.exe [888]
  93. 17 C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167664_bs_142951.exe.manifest
  94.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]

  96. Thumbprints
  97. 8b1c149c6bc445730979d1aedb0a6925819b1b8c95d28c833fbf94cf0229f40f
复制代码
  1. Mitigation   CredGuard
  2. Timestamp    2021-12-31T12:00:51

  4. Platform     10.0.19043/x64 v923 06_55*
  5. PID          2060
  6. Feature      007D0A30000000A6
  7. Application  C:\Windows\System32\reg.exe
  8. Created      2021-12-10T13:10:26
  9. Description  Registry Console Tool 10

  11. \REGISTRY\MACHINE\SAM

  13. Process Trace
  14. 1  C:\Windows\System32\reg.exe [2060]
  15.    reg.exe  query HKLM /f password /t REG_SZ /s
  16. 2  C:\Windows\System32\cmd.exe [9140]
  17.    C:\Windows\system32\cmd.exe /c "echo sb_167665_bs >NUL & reg.exe query HKLM /f password /t REG_SZ /s & exit"
  18. 3  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167665_bs_142952.exe [3444]
  19.    "C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167665_bs_142952.exe" 65004 413484882501789137 sb_167665_bs
  20. 4  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  21. 5  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\service\sbsimulator_service.exe [3388]
  22. 6  C:\Windows\System32\services.exe [828]
  23. 7  C:\Windows\System32\wininit.exe [696]
  24.    wininit.exe

  26. Services
  27. 3388  SBSimulator

  29. Dropped Files
  30. 1  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167657_bs_142944.exe
  31.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  32.         Read by \Device\HarddiskVolume2\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1500]
  33.                 \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe [3312]
  34.                 \Device\HarddiskVolume2\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3476]
  35.                 \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167657_bs_142944.exe [4660]
  36. 2  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167657_bs_142944.exe.manifest
  37.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  38. 3  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\resources\sbsimulator.db-journal
  39.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  40. 4  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167658_bs_142945.exe
  41.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  42.         Read by \Device\HarddiskVolume2\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1500]
  43.                 \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe [3312]
  44.                 \Device\HarddiskVolume2\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3476]
  45.                 \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167658_bs_142945.exe [9640]
  46. 5  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167658_bs_142945.exe.manifest
  47.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  48. 6  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167659_bs_142946.exe
  49.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  50.         Read by \Device\HarddiskVolume2\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1500]
  51.                 \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe [3312]
  52.                 \Device\HarddiskVolume2\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3476]
  53.                 \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167659_bs_142946.exe [2976]
  54. 7  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167659_bs_142946.exe.manifest
  55.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  56. 8  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167660_bs_142947.exe
  57.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  58.         Read by \Device\HarddiskVolume2\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1500]
  59.                 \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe [3312]
  60.                 \Device\HarddiskVolume2\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3476]
  61.                 \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167660_bs_142947.exe [7748]
  62. 9  C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167660_bs_142947.exe.manifest
  63.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  64. 10 C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167661_bs_142948.exe
  65.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  66.         Read by \Device\HarddiskVolume2\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1500]
  67.                 \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe [3312]
  68.                 \Device\HarddiskVolume2\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3476]
  69.                 \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167661_bs_142948.exe [10184]
  70. 11 C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167661_bs_142948.exe.manifest
  71.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  72. 12 C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167662_bs_142949.exe
  73.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  74.         Read by \Device\HarddiskVolume2\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1500]
  75.                 \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe [3312]
  76.                 \Device\HarddiskVolume2\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3476]
  77.                 \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167662_bs_142949.exe [8852]
  78. 13 C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167662_bs_142949.exe.manifest
  79.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  80. 14 C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167663_bs_142950.exe
  81.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  82.         Read by \Device\HarddiskVolume2\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1500]
  83.                 \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe [3312]
  84.                 \Device\HarddiskVolume2\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3476]
  85.                 \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167663_bs_142950.exe [6604]
  86. 15 C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167663_bs_142950.exe.manifest
  87.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  88. 16 C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167664_bs_142951.exe
  89.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  90.         Read by \Device\HarddiskVolume2\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1500]
  91.                 \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe [3312]
  92.                 \Device\HarddiskVolume2\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3476]
  93.                 \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167664_bs_142951.exe [888]
  94. 17 C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167664_bs_142951.exe.manifest
  95.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  96. 18 C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167665_bs_142952.exe
  97.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]
  98.         Read by \Device\HarddiskVolume2\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1500]
  99.                 \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe [3312]
  100.                 \Device\HarddiskVolume2\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3476]
  101.                 \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167665_bs_142952.exe [3444]
  102. 19 C:\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulation\sbsimulation_sb_167665_bs_142952.exe.manifest
  103.      Dropped by \Device\HarddiskVolume2\Program Files\SafeBreach\SafeBreach Endpoint Simulator\app\21.2.4\simulator\sbsimulator.exe [3972]

  105. Thumbprints
  106. c56ba9fe137105a138904a814f5717b03f7c8a71338797364283f1e1862e2138
复制代码



“已知的勒索软件感染”中,经确认勒索样本未实际运行,只能说明HMPA的静态扫描被过

“OS 配置更改”项未测试

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x

评分

参与人数 1人气 +3 收起 理由
vaedzy + 3

查看全部评分

回复

举报

Kawarrui
发表于 2022-1-7 11:59:52 | 显示全部楼层
00006666 发表于 2021-12-31 12:05
那这样的话,勒索测试应该是只测试监控,没有测试主防吧。

MDE相当于第二层防护,只有测试的杀软漏掉之后MDE才会提醒
回复

举报

虚无混沌
发表于 2022-1-8 12:30:27 | 显示全部楼层
vaedzy 发表于 2021-12-31 12:03
有这种日志,我知道正常人懒得看,都丢上来就是看图大会了。需要的话我发给你,你看看

看着这个,有种打网络攻防的感觉,仿佛自己也是高手了……
回复

举报

虚无混沌
发表于 2022-1-8 12:31:52 | 显示全部楼层
几位大佬辛苦,看起来表现上卡巴斯基确实值得信赖。反而在上一章测试中表现良好的BD,在BDTS版本,该次测试条件下表现没那么亮眼了。
回复

举报

虚无混沌
发表于 2022-1-8 12:32:36 | 显示全部楼层
本帖最后由 虚无混沌 于 2022-1-8 12:36 编辑
swizzer 发表于 2021-12-31 13:24
确实···
我怀疑智量缺少测试岗···就算是3.03,也还是有不少小问题

立即应聘测试去……(不是)
回复

举报

vaedzy
头像被屏蔽
 楼主| 发表于 2022-1-8 12:32:51 | 显示全部楼层
虚无混沌 发表于 2022-1-8 12:31
几位大佬辛苦,看起来表现上卡巴斯基确实值得信赖。反而在上一章测试中表现良好的BD,在BDTS版本,该次测试 ...

卡巴斯基 智量 还有个谁来着 大蜘蛛 都是抱着模拟器的 就是把攻击用的模拟器破坏了 导致无法正常执行。
回复

举报

虚无混沌
发表于 2022-1-8 12:39:09 | 显示全部楼层
vaedzy 发表于 2022-1-8 12:32
卡巴斯基 智量 还有个谁来着 大蜘蛛 都是抱着模拟器的 就是把攻击用的模拟器破坏了 导致无法正常执行。

啊,可能我看的太快看漏了。反正这么几天和以前经历,我还是信赖卡巴(陆续用了有四五年),BD(大概加起来一年,以前个人版用一段时间就被更新问题和卡机器烦的卸载,这次的BDT反而流畅的让我难以相信这是BD,并且在我的使用条件下误报很少“近乎没有”,让我对BD大为改观。PS:严重怀疑大佬住在卡饭了。
回复

举报

vaedzy
头像被屏蔽
 楼主| 发表于 2022-1-8 12:41:11 | 显示全部楼层
虚无混沌 发表于 2022-1-8 12:39
啊,可能我看的太快看漏了。反正这么几天和以前经历,我还是信赖卡巴(陆续用了有四五年),BD(大概加起 ...

中午嘛 没啥事干 就水一水 看到回复了就回一下
回复

举报

虚无混沌
发表于 2022-1-8 12:44:01 | 显示全部楼层
swizzer 发表于 2021-12-31 15:14
主防之前拦截模拟器本体了吗···

如果拦截了,那么自动机就会直接拉黑相应文件(就好像卡巴主 ...

其实这样测试就朝向某一功能的测试了,一般而言可以认为,在攻击开始前直接把发起程序做掉,应该算是成功防御了。
回复

举报

vaedzy
头像被屏蔽
 楼主| 发表于 2022-1-8 12:46:01 | 显示全部楼层
虚无混沌 发表于 2022-1-8 12:44
其实这样测试就朝向某一功能的测试了,一般而言可以认为,在攻击开始前直接把发起程序做掉,应该算是成功 ...

我们是这么认为的 但私下也讨论过 直接抱着模拟器杀 算不算是作弊 毕竟真正的攻击还没开始
回复

举报

下一页 »
1 ...67891011121314... 16下一页
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-4-20 03:35 , Processed in 0.098046 second(s), 15 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表