Re: my handler has been p0wned

[Nikhil Mittal <nikhil_uitrgpv () yahoo co in>]

Thanks, I presume that all AV will report back. All these AV are on my VMs cutoff from the Internet.
 

Nikhil Mittal

--- On Fri, 18/3/11, Jeffs <jeffs () speakeasy net> wrote:


From: Jeffs <jeffs () speakeasy net>
Subject: Re: [framework] my handler has been p0wned
To: "Nikhil Mittal" <nikhil_uitrgpv () yahoo co in>
Cc: framework () spool metasploit com
Date: Friday, 18 March, 2011, 4:31 PM


Remember that with Kaspersky at least, it automatically reports suspicious files back to it's headquarters by default 
unless you turn off that feature.

On 3/18/2011 5:54 AM, Nikhil Mittal wrote: 




> > Stay away from VT if you are concerned at all about
> > keeping your exe from being detected by AVs before deployment.

Totally agree to that.
What I use is my own environment of AVG, Kaspersky, Norton and Mcafee. I know this is not sufficient but generally 
accomplishes the task for most of my clients got covered by above.

BTW, do anyone know about some "private" threat analysis site(s) like VT which do not share details with AV Vendors.


Nikhil Mittal



_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework



_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework