收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 国外杀毒软件 SOPHOS Tester 漏洞利用測試工具
12下一页
返回列表 发新帖
查看: 4078|回复: 10
收起左侧

[分享] SOPHOS Tester 漏洞利用測試工具

[复制链接]
761773275
发表于 2023-9-9 18:44:05 | 显示全部楼层 |阅读模式
本帖最后由 761773275 于 2023-9-9 18:46 编辑



測出這麽多報法
  1. “Lockdown”恶意行为已在 Sophos Tester 中被阻止
  2. “WipeGuard”恶意行为已在 Sophos Tester 中被阻止
  3. “DynamicShellcode”恶意行为已在 Sophos Tester 中被阻止
  4. “APCViolation”恶意行为已在 Sophos Tester 中被阻止
  5. “HollowProcess”恶意行为已在 Sophos Tester 中被阻止
  6. “CodeCave”恶意行为已在 Sophos Tester 中被阻止
  7. “PrivGuard”恶意行为已在 Sophos Tester 中被阻止
复制代码
  1. “StackPivot”攻击已在 Sophos Tester 中被阻止
  2. “ROP”攻击已在 Sophos Tester 中被阻止
  3. “CallerCheck”攻击已在 Sophos Tester 中被阻止
  4. “LoadLib”攻击已在 Sophos Tester 中被阻止
  5. “IAF”攻击已在 Sophos Tester 中被阻止
  6. “StackExec”攻击已在 Sophos Tester 中被阻止
  7. “SysCall”攻击已在 Sophos Tester 中被阻止
  8. “HeapSpray”攻击已在 Sophos Tester 中被阻止
  9. “VTableHijack”攻击已在 Sophos Tester 中被阻止
复制代码


測其他軟件用修改版,原版有數字簽名
  1. https://t.wss.ink/f/c55uqk7gj2b
复制代码
  1. https://ufile.io/f/v9xt6
复制代码




本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x

评分

参与人数 1人气 +1 收起 理由
Picca + 1 版区有你更精彩: )

查看全部评分

回复

举报

heixiu2
发表于 2023-9-9 19:32:24 | 显示全部楼层
用来检测漏洞不错。
回复

举报

Hibike
发表于 2023-9-9 19:51:18 | 显示全部楼层
本帖最后由 Hibike 于 2023-9-9 20:10 编辑

在HMPA那个工具的基础上改来的吧
修改版刚点击Install就被ATC拿下了

  1. 高级威胁防护阻止了一个恶意进程。进程路径: C:\Users\Precuwa\Desktop\SophosTester x.exe. 威胁名称: ATC.SuspiciousBehavior.FEE463AF53C8BB70.
复制代码


回复

举报

GreatMOLA
发表于 2023-9-9 21:18:10 | 显示全部楼层
  1. Filename: sophostester x.exe
  2. Threat name: SONAR.Cryptlck!g141Full Path: Not Available

  4. ____________________________

  6. ____________________________


  9. On computers as of 
  10. 9/9/2023 at 9:12:51 PM

  12. Last Used 
  13. 9/9/2023 at 9:12:51 PM

  15. Startup Item 
  16. No
  17. Launched 
  18. Yes
  19. Behavioral Protection monitors for suspicious program activity on your computer.


  22. ____________________________


  25. sophostester x.exeThreat name: SONAR.Cryptlck!g141
  26. Locate


  29. Very Few Users
  30. Fewer than 5 users in the Norton Community have used this file.

  32. Very New
  33. This file was released less than 1 week  ago.

  35. High
  36. This file risk is high.


  39. ____________________________


  42. Source: External Media

  44. Source File:
  45. sophostester x.exe

  47. ____________________________

  49. File Actions

  51. File: c:\Users\User\Desktop\sophostester x.exeRestart Required

  53. File: c:\program files (x86)\Sophos\sophos tester\sophostester.exeThreat Removed

  55. File: c:\Users\User\AppData\Local\Temp\sophostester-install.logThreat Removed

  57. File: c:\programdata\microsoft\Windows\start menu\Programs\sophos tester\sophos tester.lnkThreat Removed

  59. Directory: c:\program files (x86)\SophosRestart Required

  61. Directory: c:\program files (x86)\Sophos\sophos testerRestart Required

  63. Directory: c:\programdata\microsoft\windows\start menu\programs\sophos testerThreat Removed

  65. ____________________________

  67. Registry Actions

  69. Registry change: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tester, Registry Hive: 64 bitThreat Removed

  71. Registry change: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Tester, Registry Hive: 64 bitThreat Removed

  73. ____________________________

  75. System Settings Actions

  77. Event: Process start (Performed by c:\users\user\desktop\sophostester x.exe, PID:1876)No action taken

  79. (Performed by c:\users\user\desktop\sophostester x.exe, PID:1876)No action taken

  81. Event: Process start: c:\Users\User\Desktop\sophostester x.exe, PID:1732 (Performed by c:\users\user\desktop\sophostester x.exe, PID:1876)No action taken

  83. Event: Process start (Performed by c:\users\user\desktop\sophostester x.exe, PID:1732)No action taken

  85. Event: Process start: c:\Users\User\Desktop\sophostester x.exe, PID:1876 (Performed by c:\users\user\desktop\sophostester x.exe, PID:1876)No action taken

  87. Event: PE file creation: c:\program files (x86)\sophos\sophos tester\sophostester.exe (Performed by c:\users\user\desktop\sophostester x.exe, PID:1732)No action taken

  89. Event: PE file creation: c:\program files (x86)\Sophos\sophos tester\helper.exe (Performed by c:\users\user\desktop\sophostester x.exe, PID:1732)No action taken

  91. (Performed by c:\users\user\desktop\sophostester x.exe, PID:1732)No action taken

  93. Event: Process start: c:\Users\User\Desktop\sophostester x.exe, PID:1732 (Performed by c:\users\user\desktop\sophostester x.exe, PID:1732)No action taken

  95. Event: Process start (Performed by c:\users\user\desktop\sophostester x.exe, PID:5920)No action taken

  97. (Performed by c:\users\user\desktop\sophostester x.exe, PID:5920)No action taken

  99. Event: Process start: c:\Users\User\Desktop\sophostester x.exe, PID:4640 (Performed by c:\users\user\desktop\sophostester x.exe, PID:5920)No action taken

  101. Event: Process start (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken

  103. Event: Process start: c:\Users\User\Desktop\sophostester x.exe, PID:5920 (Performed by c:\users\user\desktop\sophostester x.exe, PID:5920)No action taken

  105. Event: PE file creation: c:\program files (x86)\sophos\sophos tester\sophostester.exe (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken

  107. Event: PE file creation: c:\program files (x86)\Sophos\sophos tester\helper.exe (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken

  109. Event: PE file creation: c:\Windows\SysWOW64\tester86.dll (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken

  111. Event: PE file creation: c:\Windows\System32\tester64.dll (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken

  113. Event: PE file creation: c:\Windows\System32\drivers\tester64.sys (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken

  115. (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken

  117. ____________________________

  119. Suspicious Actions

  121. (Performed by c:\users\user\desktop\sophostester x.exe, PID:1732)No action taken

  123. (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken

  125. ____________________________


  128. File Thumbprint - SHA:
  129. Not available
  130. File Thumbprint - MD5:
  131. Not available
复制代码
回复

举报

喀反
发表于 2023-9-9 23:54:15 | 显示全部楼层
win10 WD测试:大部分miss ,勒索保护大部分防住了,但是其他漏洞测试ASR规则拦截了一两个,其余miss(默认漏洞攻击)

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

user43567453654
发表于 2023-9-10 09:54:13 | 显示全部楼层
本帖最后由 user43567453654 于 2023-9-10 10:10 编辑

编辑
回复

举报

初心.杰
头像被屏蔽
发表于 2023-9-10 10:22:33 | 显示全部楼层
BD、诺顿、天守、小红伞、EMSI全部都是Result: Exploit succeeded,不知道是不是我测试的方式有问题?




本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

SweetieRamRem
发表于 2023-9-10 10:25:25 | 显示全部楼层
卡巴斯基试了好几个似乎都没有拦截
回复

举报

Picca
发表于 2023-9-10 16:53:06 | 显示全部楼层
本帖最后由 Picca 于 2023-9-10 17:07 编辑

就算无数字签名,这种本身无实际的恶意行为的,很难被卡巴拦截,防不防御估计看安软自身的设计逻辑。

测试勒索,我看到加密的那几个都是它自己创建的文件,然后自己把它加密了,这算反复横跳吗

另外,普通管理员账户是个好东西,你得有

PS: KSN信任

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

FD丶纸鸢
发表于 2023-9-26 17:48:51 | 显示全部楼层
FSCS15 全被过 通通success(
回复

举报

下一页 »
12下一页
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-4-27 19:36 , Processed in 0.134098 second(s), 18 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表