[Question] Symantec Endpoint Protection Bypass


overwraith
Solved by no42

  • Solution

Yes, until these guys get wise!

Symantec, Sophos, and Lumension (old versions) can be bypassed!

Lumension just released a new version that dictates which users are allowed USB. If your user isn't allowed USB, the ducky will be blocked.

Windows 7+ GPO settings can also block the duck.

Other versions and products block by VID & PID, hence version 2 firmware makes it easier for you to change these values without reflashing.

Go forth, and quack the system, my ducklings!


I just tried the VID/PID change on the Symantec endpoint protection, and I can verify that the change does work. Are there any other ways the antivirus companies can block us, so we can get ahead of the curve in preventing the antivirus companies from blocking us?

-If they take into account the speed at which we type the payloads, we can create bash scripts to randomize the delay values between commands or even letters. Could even modify the duck script language to do it automatically.

Edited by overwraith

> I just tried the VID/PID change on the Symantec endpoint protection, and I can verify that the change does work. Are there any other ways the antivirus companies can block us, so we can get ahead of the curve in preventing the antivirus companies from blocking us?
>
> -If they take into account the speed at which we type the payloads, we can create bash scripts to randomize the delay values between commands or even letters. Could even modify the duck script language to do it automatically.

If you do preemptive stuff to avert antivirus, they find our tricks faster.
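
The two controls mentioned in the solution post (blocking by VID & PID versus only permitting USB for approved users), compared from the defender's side as an added example that is not part of the original thread. The event format, the identifiers and the function names are constructed for illustration and do not come from any of the products named above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class UsbEvent:
    user: str        # logged-on user when the device enumerated
    vid: str         # vendor ID, self-reported by the device
    pid: str         # product ID, self-reported by the device
    dev_class: str   # e.g. "keyboard", "storage"

# All identifiers below are constructed placeholders, not real product IDs.
BLOCKLIST = {("aaaa", "0001")}   # "known bad" VID/PID pairs
ALLOWLIST = {("bbbb", "0002")}   # keyboards issued by IT
USB_USERS = {"alice"}            # users permitted to attach USB devices

def blocklist_permits(ev: UsbEvent) -> bool:
    """Default-allow: only devices matching a listed VID/PID are refused."""
    return (ev.vid, ev.pid) not in BLOCKLIST

def allowlist_permits(ev: UsbEvent) -> bool:
    """Default-deny: user must be USB-enabled and the device must be listed."""
    return ev.user in USB_USERS and (ev.vid, ev.pid) in ALLOWLIST

def audit(events):
    """Return (event, reason) alerts for keyboard enumerations worth review."""
    alerts, keyboards = [], {}
    for ev in events:
        if ev.dev_class != "keyboard":
            continue
        keyboards[ev.user] = keyboards.get(ev.user, 0) + 1
        if not allowlist_permits(ev):
            alerts.append((ev, "keyboard not on allowlist for this user"))
        elif keyboards[ev.user] > 1:
            # VID/PID are device-reported, so a listed pair is not proof of
            # identity; an extra keyboard in one session still gets reviewed.
            alerts.append((ev, "additional keyboard in session"))
    return alerts

# Constructed enumeration events.
EVENTS = [
    UsbEvent("alice", "bbbb", "0002", "keyboard"),  # issued keyboard
    UsbEvent("alice", "aaaa", "0001", "keyboard"),  # pair on the blocklist
    UsbEvent("alice", "cccc", "0003", "keyboard"),  # unlisted pair
    UsbEvent("bob",   "bbbb", "0002", "keyboard"),  # user without USB rights
    UsbEvent("alice", "bbbb", "0002", "keyboard"),  # second keyboard, listed pair
]

if __name__ == "__main__":
    for ev, reason in audit(EVENTS):
        print(ev, "->", reason, "| blocklist permits:", blocklist_permits(ev))
```

The third event is the one that separates the policies: the blocklist permits it because the pair is simply unknown, while the default-deny policy refuses it and raises an alert.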
