{"id":418,"date":"2018-10-14T14:13:13","date_gmt":"2018-10-14T12:13:13","guid":{"rendered":"http:\/\/pentester.blog\/?p=418"},"modified":"2020-05-21T19:50:35","modified_gmt":"2020-05-21T17:50:35","slug":"programmation-dun-reverse-shell-qui-passe-a-travers-symantec-windows-10","status":"publish","type":"post","link":"https:\/\/hacktarus.fr\/?p=418","title":{"rendered":"Programming a reverse shell that gets through Symantec (Windows 10)"},"content":{"rendered":"<p>Following my <a href=\"http:\/\/hacktarus.fr\/?p=398\">previous post<\/a> on bypassing Windows Defender, I wanted to test an antivirus with more advanced protections.<\/p>\n<p>I therefore chose the latest version of Symantec, which includes network detection features (a firewall and intrusion detection), a heuristic module and, above all, a behavioural analysis module called SONAR.<\/p>\n<p>After a few unsuccessful attempts, I finally found a fairly simple way to program a reverse shell that is not detected by any of Symantec&rsquo;s protection modules&#8230;<\/p>\n<p>Below is a demonstration video:<\/p>\n<p>NB: Symantec has been notified, and I am waiting for their reply before publishing the source code.<\/p>\n<p>Update of 23\/10\/2018, Symantec replied:<\/p>\n<p><em>Thank you again for contacting us with this information.<\/em><\/p>\n<p><em>Our teams have reviewed this and it appears it is a simple missed detection. The Symantec Threat Intel team has created a detection signature for this issue which should now be live that should mitigate the problem and ensure detection by our software.<\/em><\/p>\n<p><em>We appreciate you taking the time to provide us with this information. If you have any questions or would like to submit any additional information for review, feel free to email us at secure@symantec.com.<\/em><\/p>\n<p><em>Thanks and kind regards,<\/em><\/p>\n<p>The source code is now available on my GitHub: <a href=\"https:\/\/github.com\/kahlon81\/ReverseShell-Bypass-Symantec\">https:\/\/github.com\/kahlon81\/ReverseShell-Bypass-Symantec<\/a><\/p>\n<div style=\"width: 660px;\" class=\"wp-video\"><video class=\"wp-video-shortcode\" id=\"video-418-1\" width=\"660\" height=\"371\" preload=\"metadata\" controls=\"controls\"><source type=\"video\/mp4\" src=\"http:\/\/hacktarus.fr\/wp-content\/uploads\/2018\/10\/MyReverseShellBypassSymantec.mp4?_=1\" \/><a href=\"http:\/\/hacktarus.fr\/wp-content\/uploads\/2018\/10\/MyReverseShellBypassSymantec.mp4\">http:\/\/hacktarus.fr\/wp-content\/uploads\/2018\/10\/MyReverseShellBypassSymantec.mp4<\/a><\/video><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Following my previous post on bypassing Windows Defender, I wanted to test an antivirus with more advanced protections. I therefore chose the latest version of Symantec, which includes network detection features (a firewall and intrusion detection), a heuristic module and, above all, a behavioural analysis module called SONAR. After a few &hellip; <a href=\"https:\/\/hacktarus.fr\/?p=418\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Programming a reverse shell that gets through Symantec (Windows 10)<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-418","post","type-post","status-publish","format-standard","hentry","category-pentest"],"_links":{"self":[{"href":"https:\/\/hacktarus.fr\/index.php?rest_route=\/wp\/v2\/posts\/418","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hacktarus.fr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hacktarus.fr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hacktarus.fr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hacktarus.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=418"}],"version-history":[{"count":18,"href":"https:\/\/hacktarus.fr\/index.php?rest_route=\/wp\/v2\/posts\/418\/revisions"}],"predecessor-version":[{"id":630,"href":"https:\/\/hacktarus.fr\/index.php?rest_route=\/wp\/v2\/posts\/418\/revisions\/630"}],"wp:attachment":[{"href":"https:\/\/hacktarus.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=418"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hacktarus.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=418"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hacktarus.fr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=418"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}