Posted (edited)

Hey,

I want to install multiple antivirus products on one PC, as we already have examples like virustotal.com, etc. They are running all the AVs on one machine, so I would like to know how it can be done.

You may post links or any sort of information you have with your own knowledge!

Edited by L3arn3r
Posted (edited)

Lots of ways to bypass AV these days, but if you need solutions I use these three when using questionable downloads, along with a sandbox, like Sandboxie or a virtual machine with no network card or internet access.

http://anubis.iseclab.org/

http://virusscan.jotti.org/en

https://www.virustotal.com/en/

Edited by digip
Posted (edited)

It is pointless to do so in my opinion. Reasons below.

  • They will most likely conflict with each other
  • Active scanning will cause disk thrashing
  • Resource hogs
  • Antivirus is almost pointless

If antivirus is pointless, then what would you suggest using?

Lots of ways to bypass AV these days, but if you need solutions I use these three when using questionable downloads, along with a sandbox, like Sandboxie or a virtual machine with no network card or internet access.

http://anubis.iseclab.org/

http://virusscan.jotti.org/en

https://www.virustotal.com/en/

If I give you an exe via PM, can you verify all of the attacker's information, like IP and port?

Edited by L3arn3r
Posted

http://anubis.iseclab.org/ will install, show changes, and give you a PCAP file of the traffic of the executable if it downloads anything, which you can throw in Wireshark. That is one of the reasons I like it, so give it a try. If it's a zip, it may not work. It usually works with installers. If it's packed, use something like Uniextract and PEiD to inspect (in a SANDBOX or VM).

Also, forgot about CWSandbox, an online one that is similar to anubis.

As for AV being dead, Windows machines can use things like EMET to help protect against programs that try to bypass ASLR and such, but you should create a limited user account for users, and never use the Admin account on a Windows box. Especially on a corporate domain, users should be set up to have file shares and reverting desktops, and always save files to their shares, which are on the server side. Each time they reboot, you put them back into a frozen state using something like Deep Freeze or such, with all the programs they need installed; each reboot will revert any changes or virus infections, while their file share will still be accessible to them after reboot. It's the file share servers that you really want to protect and keep locked down from privilege escalation and such.

Nothing is perfect, and today, it's not always a virus that gets you in trouble. 9 times out of 10, it's users clicking shit or opening things they have no reason to be opening, or mobile devices and external home devices/drives plugged into the network that you really can't ever stop 100% without educating the whole workforce and hoping they actually listen.

Posted (edited)

At Anubis, it doesn't provide a PCAP file as you said. The Anubis options were "HTML PDF XML TXT"; only these four show after the scan. Can't get a pcap file?

Edited by L3arn3r
Posted (edited)

At Anubis, it doesn't provide a PCAP file as you said. The Anubis options were "HTML PDF XML TXT"; only these four show after the scan. Can't get a pcap file?

When done uploading and it runs on their target machines, IF the program accesses the internet, it should also provide a pcap of the traffic along with the report of what was changed. It's just a link in the HTML report like the other info. If no pcap, then either the program crashed, didn't run, or there was no web traffic created by the program uploaded. Read the output and check the page report for the program you upload. Post a link here to the results on Anubis if you want.

Edited by digip
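An added example, not code from any poster in this thread: a stdlib-only Python function that pulls out of a sandbox PCAP what the thread wants from Wireshark, the remote IP and port of each connection the sample started. The capture, the sandbox address 10.0.0.5 and the other addresses and ports are constructed placeholders, and only classic pcap with Ethernet/IPv4 is handled.

```python
import socket
import struct
from collections import Counter

def remote_endpoints(pcap: bytes, sandbox_ip: str) -> Counter:
    """Count (proto, dst_ip, dst_port) for connections the sandboxed host started."""
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", pcap[:4])[0])
    if end is None:
        raise ValueError("unsupported capture format (classic pcap only)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    seen, off = Counter(), 24
    while off + 16 <= len(pcap):  # 16-byte record header, then the frame
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # IPv4 only
            continue
        proto, src, dst = frame[23], frame[26:30], frame[30:34]
        l4 = frame[14 + (frame[14] & 0x0F) * 4:]  # skip the IP header (IHL words)
        if socket.inet_ntoa(src) != sandbox_ip or len(l4) < 4:
            continue
        key = (socket.inet_ntoa(dst), struct.unpack("!H", l4[2:4])[0])
        is_syn = proto == 6 and len(l4) >= 14 and (l4[13] & 0x12) == 0x02  # SYN, no ACK
        if is_syn or proto == 17:  # UDP: every outbound datagram counts
            seen[("tcp" if proto == 6 else "udp",) + key] += 1
    return seen

def _frame(src, dst, proto, l4):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def _tcp(sport, dport, flags):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)

def sample_pcap() -> bytes:
    """Constructed capture using documentation-range addresses, not real traffic."""
    box, c2, dns = "10.0.0.5", "203.0.113.10", "198.51.100.53"
    frames = [
        _frame(box, dns, 17, struct.pack("!HHHH", 50000, 53, 8, 0)),  # DNS query
        _frame(box, c2, 6, _tcp(49152, 4444, 0x02)),   # SYN out
        _frame(c2, box, 6, _tcp(4444, 49152, 0x12)),   # SYN-ACK back (ignored)
        _frame(box, c2, 6, _tcp(49152, 4444, 0x10)),   # ACK (not a new connection)
    ]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```

Calling `remote_endpoints(sample_pcap(), "10.0.0.5")` returns one TCP entry for 203.0.113.10:4444 and one UDP entry for 198.51.100.53:53; for a real report, pass the bytes of the downloaded capture and the sandbox guest's address instead.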
