Reply to post:

Review: McAfee Endpoint Protection for SMB

Dan Wilkie

Try this simple test.

Use msfpayload to make an exe containing windows/meterpreter/reverse_tcp.

Does McAfee detect it? Yes. Good.

Now try the same thing with windows/x64/meterpreter/reverse_tcp.

Uh oh.

Now you have your reverse shell, migrate to a McAfee process. Does it stop it? Yes, good!

Now migrate to any other process. Uh oh again.

Even MSE can catch Meterpreter if you don't try and hide it, for crying out loud!
