Comments on: New Argument Switch Attack Bypasses Windows Security Software http://www.darknet.org.uk/2010/05/new-argument-switch-attack-bypasses-windows-security-software/ Ethical Hacking, Penetration Testing & Computer Security Tue, 14 Feb 2012 00:17:07 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Morgan Storey http://www.darknet.org.uk/2010/05/new-argument-switch-attack-bypasses-windows-security-software/#comment-162855 Morgan Storey Wed, 26 May 2010 06:47:42 +0000 http://www.darknet.org.uk/?p=2691#comment-162855 @bews: I take it as they can actually look like legit code and the Av app will let it past. So it may not disable the AV just simply bypass it. @bews: I take it as they can actually look like legit code and the Av app will let it past. So it may not disable the AV just simply bypass it.

]]> By: bews http://www.darknet.org.uk/2010/05/new-argument-switch-attack-bypasses-windows-security-software/#comment-162838 bews Fri, 14 May 2010 01:23:58 +0000 http://www.darknet.org.uk/?p=2691#comment-162838 Does this not mean that the malware or whatever has to be able to bypass the AV client to disable the AV client?? To me that means that their job was already done before they disabled the AV client with the kernel hook stuff anyway *shrugs* Does this not mean that the malware or whatever has to be able to bypass the AV client to disable the AV client??

To me that means that their job was already done before they disabled the AV client with the kernel hook stuff anyway *shrugs*

]]> By: Keane Matthews http://www.darknet.org.uk/2010/05/new-argument-switch-attack-bypasses-windows-security-software/#comment-162835 Keane Matthews Thu, 13 May 2010 14:21:02 +0000 http://www.darknet.org.uk/?p=2691#comment-162835 KHOBE (Matousec) article indicates this is attack vector is valid for all versions of Windows, up to and including Windows 7 for both 32- and 64-bit OSs. <blockquote> The research was done on Windows XP Service Pack 3 and Windows Vista Service Pack 1 on 32-bit hardware. However, it is valid for all Windows versions including Windows 7. Even the 64-bit platform is not a limitation for the attack. It will work there against all user mode hooks and it will also work against the kernel mode hooks if they are installed, for example after disabling the PatchGuard. </blockquote> KHOBE (Matousec) article indicates this is attack vector is valid for all versions of Windows, up to and including Windows 7 for both 32- and 64-bit OSs.

The research was done on Windows XP Service Pack 3 and Windows Vista Service Pack 1 on 32-bit hardware. However, it is valid for all Windows versions including Windows 7. Even the 64-bit platform is not a limitation for the attack. It will work there against all user mode hooks and it will also work against the kernel mode hooks if they are installed, for example after disabling the PatchGuard.

]]>