Categories: GeSWall's Security Tests, Key Loggers, Rootkits
Advanced Process Termination
Advanced Process Termination provides numerous options to terminate given processes. GeSWall enforces its policy by means of a kernel-mode driver, so termination of the processes does not pose a direct threat to GeSWall. However, it is a good test for the…
Posted in GeSWall's Security Tests
Network Shares Access
There is a known trick to bypass DropMyRights: using a network share on the loop-back interface, e.g.:
ren \\localhost\c$\windows\system32\malware.exe cmd.exe
That is a limitation of remote impersonation. DropMyRights creates a restricted token which cann…
Posted in GeSWall's Security Tests
KeyHook demo
KeyHook is a demo keylogger. This demo uses a global keyboard hook to intercept keystrokes with keyhook.dll.
GeSWall prevents interception of keystrokes in other processes. The interception is prevented by disabling the global hook and loading u…
Posted in GeSWall's Security Tests, Key Loggers
Advanced Process Manipulations
DiamondCS's Advanced Process Manipulations (APM) is an advanced process/module viewer and manipulation utility that allows flexible control over target processes.
GeSWall blocks all operations on processes from within an isolated APM.
Lin…
Posted in GeSWall's Security Tests
RegHide
RegHide demonstrates how the Native API can be used to create object names that are inaccessible from the Win32 API. While there are many different ways to do this, the method used here is to include a terminating NULL that is explicitly made part of th…
Posted in GeSWall's Security Tests