
SeriousHoax

Members
  • Content Count: 91
  • Joined
  • Last visited
  • Days Won: 2

Kudos

  1. Upvote
    SeriousHoax gave kudos to itman in Windows Registry Helps Find Malicious Docs Behind Infections
    This is a great article on how to perform security forensics after a malware attack to determine the source MS Office entity responsible:
    https://www.bleepingcomputer.com/news/security/windows-registry-helps-find-malicious-docs-behind-infections/
  2. Upvote
    SeriousHoax gave kudos to itman in Hips Configuration
    Actually, there are better ways to deliver script based malware. That is, convert the script to a .exe.
    Here's an article on how to do so for a PowerShell script: https://www.ilovefreesoftware.com/19/windows/powershell-to-exe-converter.html . This will also allow me to password protect my script code so Eset can't scan it via heuristics. I then phish the target into entering the password via e-mail etc.
    Here's one for .bat scripts: https://www.addictivetips.com/windows-tips/convert-a-bat-script-to-an-exe-on-windows-10/ . Note this runs hidden.
    One for .vbs scripts: https://www.snapfiles.com/get/vbstoexe.html
    Finally, and my favorite, one for Python scripts: https://ourcodeworld.com/articles/read/273/how-to-create-an-executable-exe-from-a-python-script-in-windows-using-pyinstaller . Note that Win AMSI does not scan Python scripts.
  3. Upvote
    SeriousHoax gave kudos to itman in Hips Configuration
    One other important point in regards to ransomware protection and any other malware that deploys scripts.
    Eset firewall rules need to be created to monitor outbound network traffic done by scripts and other commonly abused processes used by malware developers. Additionally, these firewall rules will serve as a backup mechanism to any like HIPS created rules in the event malware was able to bypass those. A very common technique employed by malware developers is to use scripts to connect to their remote C&C servers for the purpose of downloading their malicious payload executable or to stage a remote execution attack. How to create these firewall rules is given here: https://support.eset.com/en/kb6132-configure-firewall-rules-for-eset-endpoint-security-to-protect-against-ransomware .
    Finally, Eset best practices recommendations should be reviewed for additional ways to mitigate ransomware: https://support.eset.com/en/kb3433-best-practices-to-protect-against-filecoder-ransomware-malware .
  4. Upvote
    SeriousHoax received kudos from fabioquadros_ in Future changes to ESET Internet Security and ESET Smart Security Premium
    Description: A Manage application section like Kaspersky or an Application network rules section like Kaspersky, or maybe both.
    Details: Currently there is no way to know which programs I ran on my PC were trusted by Eset or not. By having an Application manager it would make it really easy to give a detailed representation. Eset already kind of has this, but that's for running processes only, not for all the products, and also this window just shows information but I can't interact with it like it's possible in Kaspersky.

    And for Firewall, it's possible to add rules for specific programs of course, but it would be better if there was a list of all applications to show what is set to allowed by Eset and what is not. This should be interactive too, so if a user wants to deny, let's say, "CCleaner" internet connection then he/she would select CCleaner from the list and deny it internet access, instead of the current situation where the user needs to manually browse to the program to block it in Firewall. The current implementation should always be there of course, but my proposed interface would make everything much easier. Also a program can have multiple files that access the internet. From this list it would be much easier to find that out. So, overall user experience would improve a lot.

    To have a closer look you may try installing Kaspersky to understand how these two modes work on their product. I don't want Eset to have the exact same as Kaspersky has, but the basic idea should be the same.
    I love Eset because it's a great product and super light. But I want Eset to have these features. I'm sure it's not just me but everybody would appreciate it and it will make the product even better.
    Examples: