trend-bypass.txt

trend-bypass.txt: Posted Feb 26, 2008; Authored by Danux; It appears possible to bypass OfficeScan AV from Trend Micro by increasing an executable's virtual and raw size.; tags | advisory, bypass; SHA-256 | 80e569432b949e9380b81029fa5de2654cc78874bc1e8cbcdedb9821630b26b4; Download | Favorite | View

trend-bypass.txt

Hi,

As usual, i dont know if its new but i would like to share it with you....

its possible to bypass TREND MICRO OFFICE SCAN Client AV ver. 8.0.

If you edit a PE EXE File and increase its virtual and raw size, (in
my example 1000 bytes added) from its last section (in my case .idata
section), then office scan is unable to detect the malware inside the
file.


This took place after reproducing the excellent video from Mati
Aharoni (piss on your AV!!! - Shmoo 2008). But i didnt even need to
encode the malware inside the backdoor.

Cheers!!!

-- 
Danux, CISSP, OSCP, ISO27001
Offensive Security Consultant
Macula Security Consulting Group
www.macula-group.com

Top Authors In Last 30 Days

Red Hat 205 files
Ubuntu 84 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

trend-bypass.txt

trend-bypass.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

trend-bypass.txt

Share This

trend-bypass.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems