Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Vault 7: WikiLeaks Docs Hint CIA Could Bypass 21 Security Products
#1
Vault 7: WikiLeaks Docs Hint CIA Could Bypass 21 Security Products


One of the hidden gems included in the Vault 7 data, dumped yesterday by WikiLeaks, is a document detailing bypass techniques for 21 security software products.

The document is part of a data dump of nearly 9,000 other files, all documentation files and manuals for various hacking tools, which WikiLeaks claims belong to the CIA.

One particular document, labeled "Personal Security Products (PSPs)" lists 21 security products, each linking to a separate document, containing descriptions of various exploits and techniques that could be used to bypass the named security tools.

The list covers almost all major antivirus vendors, including Comodo, Avast, Kaspersky, AVG, ESET, Symantec, and others.

For most security products included in this list, the bypass/exploit technique has been redacted. Yesterday, when it announced the Vault 7 leak, WikiLeaks said it made 70,875 redactions in total, mainly to remove any harmful code and personal details, such as names and IP addresses.

Bypass and exploit techniques were only listed for three vendors: F-SecureAvira, and AVG (partial info).

In OSB's experience, F-Secure has generally been a lower tier product that causes us minimal difficulty.  The only annoyance we have observed is that F-Secure has an apparent entropy-based heuristic that flags Trojaned applications or other binaries containing encrypted/compressed payloads.  Two defeats are known to exist:  On involves using RAR file string tables in the resource section, the other involves cloning a RAR file manifest file – the manifest technique also works against Avira's entropy-based heuristics.
 
Avira has historically been a popular product among [Counter Terrorism] targets, but is typically easy to evade.  Similar to F-Secure, Avira has an apparent entropy-based heuristic that flags binaries containing encrypted/compressed payloads, but there are two known defeats.
 
AVG Catches a Payload Dropped to Disk and Launched via Link File Well After Execution (Process Hollowing)

The full list of security products included in the WikiLeaks Vault 7 dump are as follows:
  • Comodo

  • Avast

  • F-Secure

  • Zemana Antilogger

  • Zone Alarm

  • Trend Micro

  • Symantec

  • Rising

  • Panda Security

  • Norton

  • Malwarebytes Anti-Malware

  • EMET (Enhanced Mitigation Experience Toolkit)

  • Microsoft Security Essentials

  • McAfee

  • Kaspersky

  • GDATA

  • ESET

  • ClamAV

  • Bitdefender

  • Avira

  • AVG
Source: https://www.bleepingcomputer.com/news/se...-products/
Reply
#2
Thanks for the info  Thinking
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Vulnerabilities in WatchGuard, Panda Security Products Lead to Code Execution mrtrout 0 663 02-04-2024 , 06:49 AM
Last Post: mrtrout
  Low-Detection Phishing Kits Increasingly Bypass MFA Mohammad.Poorya 0 1,101 02-04-2022 , 05:29 PM
Last Post: Mohammad.Poorya
  Digital Vault ( superantispyware) Available for U.S. customers only mrtrout 0 939 04-09-2021 , 12:30 AM
Last Post: mrtrout
  Office 365 now checks docs for known threats before editing tarekma7 0 1,589 06-23-2020 , 09:42 PM
Last Post: tarekma7
  VPN bypass vulnerability in Apple iOS sidemoon 0 1,635 03-26-2020 , 08:53 PM
Last Post: sidemoon



Users browsing this thread: 2 Guest(s)