KellyKeeton dot Com v3.0 reverse engineering life

10 Nov 08

The More you Know… Antivirus infecting Memory from network Share

By default, antivirus products from most major manufacturers (I tested with Symantec) will only scan for viruses when files are read from or written to disk.

This means that real-time scanning will not, by default, detect viruses in memory.

So, if you load a binary carrying a virus from a UNC path or mapped drive in your environment, its code is loaded into memory where AV can't see it (because it was never read from your disk).

Apply the idea to this: take a virus that can stop AV (sality.ae) and run it via a Windows UNC path on a system with a default install. BAM, infected, and you have AV installed with new defs.

To prevent this you need to scan network drives for viruses. Obviously this causes issues with network performance. However, it could save you until you get rid of a parasite/trojan virus in your network (or worse). Most major vendors have a check-box for this.
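Alongside enabling network-drive scanning, a defender can flag processes whose image was started from a share. The following is an added example, not code from the original post: it classifies process image paths (as a process-creation log such as Sysmon Event ID 1 records them in its `Image` field) as local or network-loaded. The sample events, host names and the mapped-drive inventory are constructed assumptions.

```python
import re

# Constructed sample: (host, process image path) pairs.
SAMPLE_EVENTS = [
    ("WS01", r"C:\Windows\System32\notepad.exe"),
    ("WS01", r"\\fileserver\public\tools\setup.exe"),
    ("WS02", r"\\?\C:\Program Files\App\app.exe"),   # long-path prefix, still local
    ("WS02", r"\\?\UNC\fileserver\public\run.exe"),  # long-path form of a UNC path
    ("WS03", r"Z:\shared\update.exe"),               # mapped network drive
    ("WS03", r"\\10.0.0.5\c$\temp\a.exe"),           # admin share by IP address
]

# Assumption: per-host inventory of drive letters mapped to shares
# (for example collected from `net use` output).
MAPPED_DRIVES = {"WS03": {"Z": r"\\fileserver\shared"}}

# \\server\share or \\?\UNC\server\share; rejects \\?\C:\... and \\.\ device paths.
_UNC = re.compile(
    r"^\\\\(?:\?\\UNC\\)?(?P<server>[^\\?.][^\\]*)\\(?P<share>[^\\]+)", re.I)


def network_origin(host, image, mapped=MAPPED_DRIVES):
    """Return the \\\\server\\share an image was loaded from, or None if local."""
    path = image.replace("/", "\\")
    m = _UNC.match(path)
    if m:
        return "\\\\{}\\{}".format(m["server"], m["share"]).lower()
    if path.startswith("\\\\?\\"):       # strip \\?\ before the drive-letter check
        path = path[4:]
    if len(path) >= 2 and path[1] == ":":
        share = mapped.get(host, {}).get(path[0].upper())
        if share:
            return share.lower()
    return None


def flag_network_executions(events):
    """Return (host, image, share) for every image that ran from a share."""
    hits = []
    for host, image in events:
        share = network_origin(host, image)
        if share:
            hits.append((host, image, share))
    return hits


if __name__ == "__main__":
    for host, image, share in flag_network_executions(SAMPLE_EVENTS):
        print(f"{host}: {image} loaded from {share}")
```
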

10 Nov 08

Get Latitude Longitude From Google Maps

Ever have the problem where you have a location on Google Maps but you need the lat/long?

Simply click on the URL (typically maps.google.com in your address bar).

Replace it with the following to get the lat/long in a popup:

javascript:alert(window.gApplication.getMap().getCenter());

 
