Tuesday, October 2, 2012

Bypass proactive protection in Agnitum Outpost Security Suite. Video demonstration.

Original post in Russian

Workflow:

1. Check that the driver is not present in the system directory (by trying to open it in Notepad).
2. Run the exploit. You are prompted to install the driver of Outpost Security Suite. Take no action (i.e., do not agree).
3. Try to open the driver file in Notepad again, and voilà: the driver is installed!

Vulnerable: Agnitum Outpost Security Suite v 7.5.3 (3942.608.1810); other versions may also be affected.

Technical details won't be disclosed until I contact Agnitum staff.

Video: