Re: dumping hashes on box w/ Norton AV
Neil wrote:
> When I tried to run fgdump against a DC with Norton AV Enterprise
> running on it, Norton AV was able to block and flag it. At the time, it
> wasn't a big deal (well, it was a good thing, since that meant the
> server was that much more secure); but now I'm a bit interested in what
> methods could be used to get around these sorts of mechanisms.


Curious - what version of fgdump? 1.5.0 is more evasive when it comes to
AV, and if it's still being picked up, I'm very interested to find out
by what.

--fizzgig
