SOPHOS Tester 漏洞利用測試工具

761773275

測出這麽多報法

1. “Lockdown”恶意行为已在 Sophos Tester 中被阻止
   
2. “WipeGuard”恶意行为已在 Sophos Tester 中被阻止
   
3. “DynamicShellcode”恶意行为已在 Sophos Tester 中被阻止
   
4. “APCViolation”恶意行为已在 Sophos Tester 中被阻止
   
5. “HollowProcess”恶意行为已在 Sophos Tester 中被阻止
   
6. “CodeCave”恶意行为已在 Sophos Tester 中被阻止
   
7. “PrivGuard”恶意行为已在 Sophos Tester 中被阻止

复制代码

1. “StackPivot”攻击已在 Sophos Tester 中被阻止
   
2. “ROP”攻击已在 Sophos Tester 中被阻止
   
3. “CallerCheck”攻击已在 Sophos Tester 中被阻止
   
4. “LoadLib”攻击已在 Sophos Tester 中被阻止
   
5. “IAF”攻击已在 Sophos Tester 中被阻止
   
6. “StackExec”攻击已在 Sophos Tester 中被阻止
   
7. “SysCall”攻击已在 Sophos Tester 中被阻止
   
8. “HeapSpray”攻击已在 Sophos Tester 中被阻止
   
9. “VTableHijack”攻击已在 Sophos Tester 中被阻止

复制代码

測其他軟件用修改版，原版有數字簽名

1. https://t.wss.ink/f/c55uqk7gj2b

复制代码

1. https://ufile.io/f/v9xt6

复制代码

wajika

Silverlight 发表于 2024-9-13 16:54
下载链接过期啦

Download page: https://www.hasslinger.com/downl ... hosTester-v3217.zip
网上找到的原版

heixiu2

用来检测漏洞不错。

Hibike

在HMPA那个工具的基础上改来的吧
修改版刚点击Install就被ATC拿下了

1. 高级威胁防护阻止了一个恶意进程。进程路径: C:\Users\Precuwa\Desktop\SophosTester x.exe. 威胁名称: ATC.SuspiciousBehavior.FEE463AF53C8BB70.

复制代码

GreatMOLA

1. Filename: sophostester x.exe
   
2. Threat name: SONAR.Cryptlck!g141Full Path: Not Available
   
3. 
   
4. ____________________________
   
5. 
   
6. ____________________________
   
7. 
   
8. 
   
9. On computers as of 
   
10. 9/9/2023 at 9:12:51 PM
    
11. 
    
12. Last Used 
    
13. 9/9/2023 at 9:12:51 PM
    
14. 
    
15. Startup Item 
    
16. No
    
17. Launched 
    
18. Yes
    
19. Behavioral Protection monitors for suspicious program activity on your computer.
    
20. 
    
21. 
    
22. ____________________________
    
23. 
    
24. 
    
25. sophostester x.exeThreat name: SONAR.Cryptlck!g141
    
26. Locate
    
27. 
    
28. 
    
29. Very Few Users
    
30. Fewer than 5 users in the Norton Community have used this file.
    
31. 
    
32. Very New
    
33. This file was released less than 1 week  ago.
    
34. 
    
35. High
    
36. This file risk is high.
    
37. 
    
38. 
    
39. ____________________________
    
40. 
    
41. 
    
42. Source: External Media
    
43. 
    
44. Source File:
    
45. sophostester x.exe
    
46. 
    
47. ____________________________
    
48. 
    
49. File Actions
    
50. 
    
51. File: c:\Users\User\Desktop\sophostester x.exeRestart Required
    
52. 
    
53. File: c:\program files (x86)\Sophos\sophos tester\sophostester.exeThreat Removed
    
54. 
    
55. File: c:\Users\User\AppData\Local\Temp\sophostester-install.logThreat Removed
    
56. 
    
57. File: c:\programdata\microsoft\Windows\start menu\Programs\sophos tester\sophos tester.lnkThreat Removed
    
58. 
    
59. Directory: c:\program files (x86)\SophosRestart Required
    
60. 
    
61. Directory: c:\program files (x86)\Sophos\sophos testerRestart Required
    
62. 
    
63. Directory: c:\programdata\microsoft\windows\start menu\programs\sophos testerThreat Removed
    
64. 
    
65. ____________________________
    
66. 
    
67. Registry Actions
    
68. 
    
69. Registry change: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tester, Registry Hive: 64 bitThreat Removed
    
70. 
    
71. Registry change: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Tester, Registry Hive: 64 bitThreat Removed
    
72. 
    
73. ____________________________
    
74. 
    
75. System Settings Actions
    
76. 
    
77. Event: Process start (Performed by c:\users\user\desktop\sophostester x.exe, PID:1876)No action taken
    
78. 
    
79. (Performed by c:\users\user\desktop\sophostester x.exe, PID:1876)No action taken
    
80. 
    
81. Event: Process start: c:\Users\User\Desktop\sophostester x.exe, PID:1732 (Performed by c:\users\user\desktop\sophostester x.exe, PID:1876)No action taken
    
82. 
    
83. Event: Process start (Performed by c:\users\user\desktop\sophostester x.exe, PID:1732)No action taken
    
84. 
    
85. Event: Process start: c:\Users\User\Desktop\sophostester x.exe, PID:1876 (Performed by c:\users\user\desktop\sophostester x.exe, PID:1876)No action taken
    
86. 
    
87. Event: PE file creation: c:\program files (x86)\sophos\sophos tester\sophostester.exe (Performed by c:\users\user\desktop\sophostester x.exe, PID:1732)No action taken
    
88. 
    
89. Event: PE file creation: c:\program files (x86)\Sophos\sophos tester\helper.exe (Performed by c:\users\user\desktop\sophostester x.exe, PID:1732)No action taken
    
90. 
    
91. (Performed by c:\users\user\desktop\sophostester x.exe, PID:1732)No action taken
    
92. 
    
93. Event: Process start: c:\Users\User\Desktop\sophostester x.exe, PID:1732 (Performed by c:\users\user\desktop\sophostester x.exe, PID:1732)No action taken
    
94. 
    
95. Event: Process start (Performed by c:\users\user\desktop\sophostester x.exe, PID:5920)No action taken
    
96. 
    
97. (Performed by c:\users\user\desktop\sophostester x.exe, PID:5920)No action taken
    
98. 
    
99. Event: Process start: c:\Users\User\Desktop\sophostester x.exe, PID:4640 (Performed by c:\users\user\desktop\sophostester x.exe, PID:5920)No action taken
    
100. 
     
101. Event: Process start (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken
     
102. 
     
103. Event: Process start: c:\Users\User\Desktop\sophostester x.exe, PID:5920 (Performed by c:\users\user\desktop\sophostester x.exe, PID:5920)No action taken
     
104. 
     
105. Event: PE file creation: c:\program files (x86)\sophos\sophos tester\sophostester.exe (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken
     
106. 
     
107. Event: PE file creation: c:\program files (x86)\Sophos\sophos tester\helper.exe (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken
     
108. 
     
109. Event: PE file creation: c:\Windows\SysWOW64\tester86.dll (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken
     
110. 
     
111. Event: PE file creation: c:\Windows\System32\tester64.dll (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken
     
112. 
     
113. Event: PE file creation: c:\Windows\System32\drivers\tester64.sys (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken
     
114. 
     
115. (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken
     
116. 
     
117. ____________________________
     
118. 
     
119. Suspicious Actions
     
120. 
     
121. (Performed by c:\users\user\desktop\sophostester x.exe, PID:1732)No action taken
     
122. 
     
123. (Performed by c:\users\user\desktop\sophostester x.exe, PID:4640)No action taken
     
124. 
     
125. ____________________________
     
126. 
     
127. 
     
128. File Thumbprint - SHA:
     
129. Not available
     
130. File Thumbprint - MD5:
     
131. Not available
     

复制代码

喀反

win10 WD测试：大部分miss ,勒索保护大部分防住了，但是其他漏洞测试ASR规则拦截了一两个，其余miss(默认漏洞攻击)

user43567453654

编辑

初心．杰

BD、诺顿、天守、小红伞、EMSI全部都是Result: Exploit succeeded，不知道是不是我测试的方式有问题？

SweetieRamRem

卡巴斯基试了好几个似乎都没有拦截

Picca

就算无数字签名，这种本身无实际的恶意行为的，很难被卡巴拦截，防不防御估计看安软自身的设计逻辑。

测试勒索，我看到加密的那几个都是它自己创建的文件，然后自己把它加密了，这算反复横跳吗

另外，普通管理员账户是个好东西，你得有

PS: KSN信任

FD丶纸鸢

FSCS15 全被过 通通success（