Here's a complete list of unhackable software
Around 1,500 Cobalt Strike beacons uploaded to VirusTotal were reusing the same RSA keys from a cracked version of the software, according to a security researcher who pored through the malware repository. The discovery could make blue teams' lives easier by giving them a clue about whether or not Cobalt Strike traffic across …
...I was recently told by a software vendor (in their T&C) when testing their new AV to "Not upload their installer to VirusTotal". I thought that was suspicious so asked why not. Turns out, which I never knew and then confirmed when I looked it up (and it is mentioned in this article), anyone with a specific subscription and verified by VirusTotal can download anything that is submitted to VirusTotal. The AV vendor doesn't want the software contained in the installer getting into the hands of competitors (probably still a poor argument, as if their competitor wanted to do that, they'd just pretend to be a fake customer).
.. Or maybe they just hadn't yet added the anti-debug tricks, obfuscation, encryption to their Anti-Virus code.
It used to be surprisingly simple to "patch" AV code in memory in the 90's to avoid sample scanning. Nowadays, generally speaking, a bit harder. With Windows Defender, a bit easier.