[framework] my handler has been p0wned
nikhil_uitrgpv at yahoo.co.in
Fri Mar 18 08:05:17 PDT 2011
Thanks, I presume that all AV will report back. All these AV are on my VMs cutoff from the Internet.
--- On Fri, 18/3/11, Jeffs <jeffs at speakeasy.net> wrote:
From: Jeffs <jeffs at speakeasy.net>
Subject: Re: [framework] my handler has been p0wned
To: "Nikhil Mittal" <nikhil_uitrgpv at yahoo.co.in>
Cc: framework at spool.metasploit.com
Date: Friday, 18 March, 2011, 4:31 PM
Remember that with Kaspersky at least, it automatically reports suspicious files back to it's headquarters by default unless you turn off that feature.
On 3/18/2011 5:54 AM, Nikhil Mittal wrote:
>>Stay away from VT if you are concerned at all about
>>keeping your exe from being detected by AVs before deployment.
Totally agree to that.
What I use is my own environment of AVG, Kaspersky, Norton and Mcafee. I know this is not sufficient but generally accomplishes the task for most of my clients got covered by above.
BTW, do anyone know about some "private" threat analysis site(s) like VT which do not share details with AV Vendors.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the framework