Pushing the limit

Microsoft is doing us a great favor by letting us download and test the Windows Server 2008 OS freely. I decided to test my FUD payloads against it, and as the antivirus protection I chose Kaspersky Endpoint Security 8 for Windows (for File Servers).

Strangely, I find it easier to hack Win2k8 and the AV for servers than a home machine. Home users are sometimes better protected than poor servers. To sum it up, I got the following:

  • Kaspersky bypass shellcode
  • Full DEP bypass
  • NT Authority\SYSTEM via getsystem -1
  • Unload of AVP from memory
  • Kill the server

Using the Viktor Cleaner I was able to disable Endpoint Security 8 on the server, as you can see in the video below:

Yep, it is dangerous to run unknown binaries. Relying on anti-virus is like sitting in a house with no windows or doors while holding a shotgun (except that a shotgun doesn't only shoot preselected burglars).
