Thread: Looking for a program...

  1. #11
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Cool video!

    Are you sure you need a dirty version of dsplit though? The one in the video looks clean.

    Now I wonder if this could possibly be applicable to real viruses to make them undetectable?!?

    I should fix my screensaver I have since it shows up dirty but I wrote the code myself and I know it's not.

  2. #12
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Quote Originally Posted by hhmatt81 View Post
    Cool video!

    Are you sure you need a dirty version of dsplit though? The one in the video looks clean.

    Now I wonder if this could possibly be applicable to real viruses to make them undetectable?!?

    I should fix my screensaver I have since it shows up dirty but I wrote the code myself and I know it's not.
    The program itself is not "dirty". AVs simply detect it as a "hacktool" because it could be used for malicious purposes. Most AVs will do the same with Netcat. They call it a "hacktool" but it's harmless in and of itself.

    Your premise is exactly what the video was about.

    muts gave a presentation at Shmoocon that accomplished the same thing albeit by different means. You can find that video here.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  3. #13
    Senior Member
    Join Date
    Jan 2006
    Posts
    1,334

    Yes, there are many ways to achieve similar results - and most, if not all, applicable tools would be flagged by most modern-day AV software... It's all part of the "dumbed-down" user experience everyone expects and enjoys with their PCs these days!

    As a side-note, I remember some years back an interesting tool which worked "both ways" called Armadillo. Anyone still use that?

  4. #14
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Quote Originally Posted by theprez98 View Post
    The program itself is not "dirty". AVs simply detect it as a "hacktool" because it could be used for malicious purposes. Most AVs will do the same with Netcat. They call it a "hacktool" but it's harmless in and of itself.

    Your premise is exactly what the video was about.

    muts gave a presentation at Shmoocon that accomplished the same thing albeit by different means. You can find that video here.
    Gotta love muts! Great presentation!

    Is there a video that shows this a little clearer? It's hard to make out some of the assembly code he uses.

    Where did he get the 1000 byte buffer?

  5. #15
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Quote Originally Posted by hhmatt81 View Post
    Gotta love muts! Great presentation!

    Is there a video that shows this a little clearer? It's hard to make out some of the assembly code he uses.

    Where did he get the 1000 byte buffer?
    I think that it will be featured in the Backtrack2Max course.

    Really looking forward to it.
    Tiocfaidh ár lá

  6. #16
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Quote Originally Posted by KMDave View Post
    I think that it will be featured in the Backtrack2Max course.

    Really looking forward to it.
    Are you sure? He used Vista throughout the entire presentation.

  7. #17
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    1

    I got the same thing, scanned it and it went crazy. Gonna redownload it in a bit.

  8. #18
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Quote Originally Posted by theunspoken View Post
    I got the same thing, scanned it and it went crazy. Gonna redownload it in a bit.
    If you are going to raise a thread this old from the grave you should at least have something with a bit more substance to add to the conversation....
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
