Actually I think that Comodo's sandbox approach is very good. You take any unknown binaries, automatically distrust them and place them into the sandbox. Thus if we, for example, bypass its Antivirus heuristics and manage to get a shell on the target, we won't be able to do much at the system level, as the whole exploit process will be separated by the sandbox.
It took a while to defeat the sandbox, and for a time Comodo was on my top list of AV products. This method can bypass Defense+ in paranoid mode and the Antivirus heuristics. The Metasploit reverse payload is slightly customized, of course, in order to get by the AV. I cannot disclose the details of the sandbox escape in order to protect the innocent and to prevent abuse by script-kiddies. Below is a demonstration of how the attack is performed, featuring Viktor Cleaner giving the final strike.
In case you wonder what strange language the Windows 7 is in, it's Czech.
COM RPC is one motherfucking moving target for avers :/
// Well, look at that, nice that someone in Czechia still deals with viruses :)
Occasionally someone does, but I wouldn't call them viruses :)
Any tricks to inject shellcode into an existing process???
Hi bro, without a doubt you are the best. I would like to know how you do that; let's see if you're up for teaching me. I speak Spanish.