Metasploit mailing list archives
Re: my handler has been p0wned
From: Nikhil Mittal <nikhil_uitrgpv () yahoo co in>
Date: Fri, 18 Mar 2011 20:35:17 +0530 (IST)
Thanks, I presume that all AV will report back. All these AV are on my VMs cutoff from the Internet. Nikhil Mittal --- On Fri, 18/3/11, Jeffs <jeffs () speakeasy net> wrote: From: Jeffs <jeffs () speakeasy net> Subject: Re: [framework] my handler has been p0wned To: "Nikhil Mittal" <nikhil_uitrgpv () yahoo co in> Cc: framework () spool metasploit com Date: Friday, 18 March, 2011, 4:31 PM Remember that with Kaspersky at least, it automatically reports suspicious files back to it's headquarters by default unless you turn off that feature. On 3/18/2011 5:54 AM, Nikhil Mittal wrote:
Stay away from VT if you are concerned at all about keeping your exe from being detected by AVs before deployment.
Totally agree to that. What I use is my own environment of AVG, Kaspersky, Norton and Mcafee. I know this is not sufficient but generally accomplishes the task for most of my clients got covered by above. BTW, do anyone know about some "private" threat analysis site(s) like VT which do not share details with AV Vendors. Nikhil Mittal _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Re: my handler has been p0wned al1c3andb0b (Mar 16)
- Re: my handler has been p0wned Civ (Mar 16)
- <Possible follow-ups>
- Re: my handler has been p0wned Nikhil Mittal (Mar 18)
- Re: my handler has been p0wned Jeffs (Mar 18)
- Re: my handler has been p0wned Nikhil Mittal (Mar 18)
- Re: my handler has been p0wned 5.K1dd (Mar 18)
- Re: my handler has been p0wned Jeffs (Mar 18)