Detection testing :-
The type of malicious behavior we are interested in testing is drive-by download infections from exploit kits (Blackhole Exploit Kit, Phoenix, Incognito, Eleonore, Sakura, etc.). These types of exploit kits incorporate a variety of exploits for different vulnerable applications, such as the browsers themselves, Java, Acrobat Reader, etc.
Testing Setup :-
We recommend running detection tests under a Virtual Machine. To ease detection testing, beta testers might want to create a VM with older versions of vulnerable applications (IE, FF, Java, WMP, Acrobat, etc.), which can be downloaded from oldapps.com.
In order to test exploits we recommend visiting exploit kits in-the-wild. Every day we post some fresh exploit kit URLs in our Malicious / Drive-by URLs forum. Note that in-the-wild URLs are short-lived, so only a handful of the most recent entries might try to infect reliably. In order to test ExploitShield more reliably against vulnerability exploits we recommend using Metasploit. In order to reproduce in-the-wild exploits from drive-by exploit kits, the “windows/download_exec” payload should be used under Metasploit. To join the ExploitShield Corporate Edition private beta, which blocks Meterpreter and reverse-shell type payloads, please contact us.
What Not To Test :-
ExploitShield blocks exploitation of vulnerabilities by shielding applications. We do not intend to replace the antivirus or security suite but rather to complement and enhance it. Therefore, manually downloading and executing a PE file (EXE, DLL, etc.) is not a valid test, as it is the job of the antivirus to detect malicious binaries. The only exceptions are maliciously crafted PDF/DOC/XLS/PPT/etc. documents that exploit vulnerabilities in the host application (Acrobat Reader, Microsoft Word, Excel, etc.) and which should be blocked by ExploitShield Corporate Edition upon execution.
Usability testing :-
Usability testing encompasses using a shielded application while ExploitShield is running and using all its features to make sure no adverse effect is noticed. Testers should click and use all possible options of the shielded application, especially updating and upgrading of the applications.
The applications we are interested in testing are the following :-
- Web browsers (Internet Explorer, Firefox, Chrome, Opera)
- Media players (Windows Media Player, VLC, QuickTime, Winamp)
- Microsoft Office (Word, Excel and PowerPoint)
- PDF readers (Adobe Acrobat, Reader & Foxit Reader)
Download ExploitShield Setup
Minimum installation requirements
Current version: 0.7 beta
Beta software is designed for experienced users only.
IMPORTANT: requires a logged-in administrative account.
Windows 8, Windows 7, Windows Vista or Windows XP.
ExploitShield runs as both 32-bit and native 64-bit.
Hard disk space: 10MB
Source -
http://www.zerovulnerabilitylabs.com/home/exploitshield/browser-edition/
http://www.zerovulnerabilitylabs.com/home/
For more information - Latest attacks blocked by ExploitShield