Re: dumping hashes on box w/ Norton AV

From: Teh Fizzgig (fizzgig@foofus.net)
Date: Thu May 10 2007 - 21:18:44 EDT


Neil wrote:
> When I tried to run fgdump against a DC with Norton AV Enterprise
> running on it, Norton AV was able to block & flag it. At the time, it
> wasn't a big deal (well, it was a good thing, since that meant the
> server was that much more secure); but now I'm a bit interested in what
> methods could be used to get around these sorts of mechanisms.
>

Curious - what version of fgdump? 1.5.0 is more evasive when it comes to
AV, and if it's still being picked up, I'm very interested to find out
by what.

--fizzgig


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:47 EDT