Pushing the limit

Microsoft is doing us a great favor by letting us download and test the 2k8 server OS freely. I decided to test my FUD payloads against it, and as antivirus protection I chose Kaspersky Endpoint Security 8 for Windows (for File Servers).

Strangely, I find it easier to hack Win2k8 and the AV for servers. Home users are sometimes better protected than poor servers. To sum it up, I got the following:

  • Kaspersky bypass shellcode
  • Full DEP bypass
  • NT Authority\SYSTEM via getsystem -1
  • Unload of AVP from memory
  • Kill the server

Using the Viktor Cleaner I was able to disable Endpoint Security 8 on the server, as you can see in the video below:

Yep, it is dangerous to run unknown binaries … Relying on anti-virus is like sitting in a window/door-less house with a shotgun (except shotguns don’t only shoot preselected burglars).


About astr0baby

Please run Adblock or similar... we have been told to do so since Carl Sagan wrote the Contact .