
About VelocityTek

  1. The delay, though, is more concerning than simply modifying the codebase of different exploits. I guess I am making a feature request, seeing as all I would have to do is increase heuristics scan times for processes (if that isn't already an option). And they haven't adapted quickly whatsoever to the little delay trick that Sam Bowne brought to light. That is the issue. And it can be fixed (relatively; you still have to add it into the program) easily by allowing users to control heuristics scan times...
  2. I had recently (finally) gotten a reply from my favourite Anti Virus software developers ESET on their Twitter page:

     "ESET @ESET 2h: @TOPNOTCHPClol if you haven't already, please post this issue with as much info as you can share via https://forum.eset.com - Thanks!"

     (I am new here, so I apologize if I did not post in the correct area.) I will basically be copying and pasting my original post on the Linus Tech Tips Forum.

     (Before starting a description, this is not exactly news and I am not much of a writer; however, I am posting it here including my sources. This issue, as well as the IPv6 Router Advertisement flood, needs to be resolved. This won't be the easiest to read; however, anyone with some technical knowledge should be able to get the gist of what I am saying.)

     Sam Bowne teaches Ethical Hacking at the City College San Francisco [1]. Sam Bowne has done many talks at Defcon, which can all be found on YouTube [2]. Most recently Sam Bowne had his students modify & compile malware in Python into Windows executables [3], thus making VirusTotal.com unable to detect it (VirusTotal does not use heuristics, as normal Anti Virus engines would), making the code effective against Anti Virus software with Behavioral Analysis options disabled (which they very rarely are) [4]. After having published his findings, a Twitter follower by the name of Bobby 'Tables [5] suggested to Sam Bowne that Behavioral Analysis really only watches the process for "a minute or two", suggesting that a simple delay in combination with Sam's original method could make both definitions obsolete by modifying the malicious code, compiling in Python, then switching it over to a Windows executable, leaving heuristics or "behavioral analysis" the only thing left to pick up the malicious code. To get around heuristics Sam simply used a delay after starting the process to, in essence, wait until the guards pass to do something malicious.

     The delay issue in itself actually worries me a fair bit more than a slight modification of malicious code in Python. My suggestion for Anti Virus manufacturers is to offer users the flexibility on both how long heuristics will watch certain processes, and maybe even the intervals in which the Anti Virus software re-checks processes. Anti Virus software such as ESET Nod32/Smart Security is already so lightweight and efficient that I could see myself having it watch processes for about an hour long, still with minimal performance hits. If you are interested in watching a video of Sam Bowne demonstrating these concepts, the link has been provided in the sources, as well as a link to a video on IPv6 Router Advertisement Floods.

     Sources: (To see video demonstrations, follow this link to my original post please: hxxp://linustechtips.com/main/topic/199011-python-delay-makes-anti-virus-softwares-obsolete/)
     1: https://twitter.com/sambowne
     2: https://www.youtube....am Bowne Defcon
     3: hxxp://samsclass.inf...roj14/p8-av.htm
     4: hxxp://samsclass.inf...oj14/norton.htm
     5: https://twitter.com/info_dox
     6: RA flood Videos: RA flood hitting fortigate: RA flood discussion: