
Pentest tools

Hello,

does anyone know if Sophos blocks, deletes or puts into quarantine penetration testing tools, like fuzzers, exploitation tools or remote access tools?

Thanks.



  • Hi Jaroslav Rus,

    In general, these tools might be detected under PUA, but I would require more than

    "penetration testing tools, like fuzzers, exploitation tools or remote access tools"

    to go on; a sample or file hash details would help me in giving a definitive statement on this.

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support


  • Hello Gowtham Mani,

    mostly I am concerned about:

    1) PupyRAT github.com/.../pupy

    2) TheFatRat github.com/.../TheFatRat

    which are used to maintain access during the post-exploitation phase of penetration testing.

    Secondly, about Metasploit and Immunity Canvas, which I use for exploitation: both tools have backdoor templates along with their directories of exploits. For fuzzing I mostly use AFL, Peach and Mutiny. All are accessible on GitHub except Canvas.


    Thanks for the reply.

  • Hi Jaroslav,

    Thank you for reaching out to us. I would like to confirm that we have strong Behavior Detection signatures for Meterpreter loaded in memory. As a test you may feel free to attack a box using TheFatRat. As soon as Sophos AV detects the shell's presence in memory, we'll kill the offending process and flag it to the user.

    Talking about Pupy, I would say Sophos AV/Intercept X's Deep Learning would easily catch the generated payload. If it doesn't, I'm all ears! It's the undying efforts of wonderful people like you who help us get better at what we do.

    And this is me only talking about Sophos Antivirus. If you have Intercept X, it adds several layers of security. 

    In any case, if you find that the tests are succeeding, feel free to DM me and we can take a look together! 

    Thanks,

    Vikas

    Global Escalations - Malware