查看: 6005|回复: 13
收起左侧

[分享] SOPHOS Tester 漏洞利用測試工具

[复制链接]
761773275
发表于 2023-9-9 18:44:05 | 显示全部楼层 |阅读模式
本帖最后由 761773275 于 2023-9-9 18:46 编辑



測出這麽多報法
  1. “Lockdown”恶意行为已在 Sophos Tester 中被阻止
  2. “WipeGuard”恶意行为已在 Sophos Tester 中被阻止
  3. “DynamicShellcode”恶意行为已在 Sophos Tester 中被阻止
  4. “APCViolation”恶意行为已在 Sophos Tester 中被阻止
  5. “HollowProcess”恶意行为已在 Sophos Tester 中被阻止
  6. “CodeCave”恶意行为已在 Sophos Tester 中被阻止
  7. “PrivGuard”恶意行为已在 Sophos Tester 中被阻止
复制代码
  1. “StackPivot”攻击已在 Sophos Tester 中被阻止
  2. “ROP”攻击已在 Sophos Tester 中被阻止
  3. “CallerCheck”攻击已在 Sophos Tester 中被阻止
  4. “LoadLib”攻击已在 Sophos Tester 中被阻止
  5. “IAF”攻击已在 Sophos Tester 中被阻止
  6. “StackExec”攻击已在 Sophos Tester 中被阻止
  7. “SysCall”攻击已在 Sophos Tester 中被阻止
  8. “HeapSpray”攻击已在 Sophos Tester 中被阻止
  9. “VTableHijack”攻击已在 Sophos Tester 中被阻止
复制代码


測其他軟件用修改版,原版有數字簽名
  1. https://t.wss.ink/f/c55uqk7gj2b
复制代码
  1. https://ufile.io/f/v9xt6
复制代码




本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x

评分

参与人数 1人气 +1 收起 理由
Picca + 1 版区有你更精彩: )

查看全部评分

wajika
发表于 2024-9-14 11:16:24 | 显示全部楼层
本帖最后由 wajika 于 2024-9-14 11:18 编辑

Download page: https://www.hasslinger.com/downl ... hosTester-v3217.zip
网上找到的原版

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x

评分

参与人数 1经验 +20 收起 理由
白露为霜 + 20 版区有你更精彩: )

查看全部评分

heixiu2
发表于 2023-9-9 19:32:24 | 显示全部楼层
用来检测漏洞不错。
Hibike
发表于 2023-9-9 19:51:18 | 显示全部楼层
本帖最后由 Hibike 于 2023-9-9 20:10 编辑

在HMPA那个工具的基础上改来的吧
修改版刚点击Install就被ATC拿下了

  1. 高级威胁防护阻止了一个恶意进程。进程路径: C:\Users\Precuwa\Desktop\SophosTester x.exe. 威胁名称: ATC.SuspiciousBehavior.FEE463AF53C8BB70.
复制代码


GreatMOLA
发表于 2023-9-9 21:18:10 | 显示全部楼层
  1. Filename: sophostester x.exe
  2. Threat name: SONAR.Cryptlck!g141Full Path: Not Available

  3. ____________________________

  4. ____________________________


  5. On computers as of 
  6. 9/9/2023 at 9:12:51 PM

  7. Last Used 
  8. 9/9/2023 at 9:12:51 PM

  9. Startup Item 
  10. No
  11. Launched 
  12. Yes
  13. Behavioral Protection monitors for suspicious program activity on your computer.


  14. ____________________________


  15. sophostester x.exeThreat name: SONAR.Cryptlck!g141
  16. Locate


  17. Very Few Users
  18. Fewer than 5 users in the Norton Community have used this file.

  19. Very New
  20. This file was released less than 1 week  ago.

  21. High
  22. This file risk is high.


  23. ____________________________


  24. Source: External Media

  25. Source File:
  26. sophostester x.exe

  27. ____________________________

  28. File Actions

  29. File: c:\Users\User\Desktop\sophostester x.exeRestart Required

  30. File: c:\program files (x86)\Sophos\sophos tester\sophostester.exeThreat Removed

  31. File: c:\Users\User\AppData\Local\Temp\sophostester-install.logThreat Removed

  32. File: c:\programdata\microsoft\Windows\start menu\Programs\sophos tester\sophos tester.lnkThreat Removed

  33. Directory: c:\program files (x86)\SophosRestart Required

  34. Directory: c:\program files (x86)\Sophos\sophos testerRestart Required

  35. Directory: c:\programdata\microsoft\windows\start menu\programs\sophos testerThreat Removed

  36. ____________________________

  37. Registry Actions

  38. Registry change: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tester, Registry Hive: 64 bitThreat Removed

  39. Registry change: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Tester, Registry Hive: 64 bitThreat Removed

  40. ____________________________

  41. System Settings Actions

  42. Event: Process start (Performed by c:\users\user\desktop\sophostester x.exe, PID:1876)No action taken

  43. (Performed by c:\users\user\desktop\sophostester x.exe, PID:1876)No action taken

  44. Event: Process start: c:\Users\User\Desktop\sophostester x.exe, PID:1732 (Performed by c:\users\user\desktop\sophostester x.exe, PID:1876)No action taken

  45. Event: Process start (Performed by c:\users\user\desktop\sophostester x.exe, PID:1732)No action taken

  46. Event: Process start: c:\Users\User\Desktop\sophostester x.exe, PID:1876 (Performed by c:\users\user\desktop\sophostester x.exe, PID:1876)No action taken

  47. Event: PE file creation: c:\program files (x86)\sophos\sophos tester\sophostester.exe (Performed by c:\users\user\desktop\sophostester x.exe, PID:1732)No action taken

  48. Event: PE file creation: c:\program files (x86)\Sophos\sophos tester\helper.exe (Performed by c:\users\user\desktop\sophostester x.exe, PID:1732)No action taken

  49. (Performed by c:\users\user\desktop\sophostester x.exe, PID:1732)No action taken

  50. Event: Process start: c:\Users\User\Desktop\sophostester x.exe, PID:1732 (Performed by c:\users\user\desktop\sophostester x.exe, PID:1732)No action taken

  51. Event: Process start (Performed by c:\users\user\desktop\sophostester x.exe, PID:5920)No action taken

  52. (Performed by c:\users\user\desktop\sophostester x.exe, PID:5920)No action taken

  53. Event: Process start: c:\Users\User\Desktop\sophostester x.exe, PID:4640 (Performed by c:\users\user\desktop\sophostester x.exe, PID:5920)No action taken

  54. Event: Process start (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken

  55. Event: Process start: c:\Users\User\Desktop\sophostester x.exe, PID:5920 (Performed by c:\users\user\desktop\sophostester x.exe, PID:5920)No action taken

  56. Event: PE file creation: c:\program files (x86)\sophos\sophos tester\sophostester.exe (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken

  57. Event: PE file creation: c:\program files (x86)\Sophos\sophos tester\helper.exe (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken

  58. Event: PE file creation: c:\Windows\SysWOW64\tester86.dll (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken

  59. Event: PE file creation: c:\Windows\System32\tester64.dll (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken

  60. Event: PE file creation: c:\Windows\System32\drivers\tester64.sys (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken

  61. (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken

  62. ____________________________

  63. Suspicious Actions

  64. (Performed by c:\users\user\desktop\sophostester x.exe, PID:1732)No action taken

  65. (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken

  66. ____________________________


  67. File Thumbprint - SHA:
  68. Not available
  69. File Thumbprint - MD5:
  70. Not available
复制代码
喀反
发表于 2023-9-9 23:54:15 | 显示全部楼层
win10 WD测试:大部分miss ,勒索保护大部分防住了,但是其他漏洞测试ASR规则拦截了一两个,其余miss(默认漏洞攻击)

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
user43567453654
发表于 2023-9-10 09:54:13 | 显示全部楼层
本帖最后由 user43567453654 于 2023-9-10 10:10 编辑

编辑
初心.杰
发表于 2023-9-10 10:22:33 | 显示全部楼层
BD、诺顿、天守、小红伞、EMSI全部都是Result: Exploit succeeded,不知道是不是我测试的方式有问题?




本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
SweetieRamRem
发表于 2023-9-10 10:25:25 | 显示全部楼层
卡巴斯基试了好几个似乎都没有拦截
Picca
发表于 2023-9-10 16:53:06 | 显示全部楼层
本帖最后由 Picca 于 2023-9-10 17:07 编辑

就算无数字签名,这种本身无实际的恶意行为的,很难被卡巴拦截,防不防御估计看安软自身的设计逻辑。

测试勒索,我看到加密的那几个都是它自己创建的文件,然后自己把它加密了,这算反复横跳吗

另外,普通管理员账户是个好东西,你得有

PS: KSN信任

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
FD丶纸鸢
发表于 2023-9-26 17:48:51 | 显示全部楼层
FSCS15 全被过 通通success(
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-12-22 13:40 , Processed in 0.121750 second(s), 21 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表