
Sophos Home Misses a Simulation

I ran a simulation from Barkly using their Stackhackr test tool. I used the payload that simulates stealing personal information, such as credentials, from the active LSASS process. Sophos Home missed the file, and the behaviour components missed the simulated active process. This may need some further investigation, since it looks like a serious vulnerability.


Here is the exact test file: *Malicious content Removed*
  • Hi Enrick,

    Thank you for sharing this information. We encourage people to test our products and give feedback. 

    I have checked this utility and would have to say that it's not a fair test to be honest. If the test is indeed passing, I would expect the developer to give some sort of proof that they were able to extract some/all the information in the LSASS memory space, but in this case there's only a test e-mail page. 

    I have thoroughly tested our Credential Theft Protection module around a case wherein I fired a series of attacks on LSASS remotely using Kali Linux and they all failed to give me something useful. 

    We even recently published a KBA - Sophos Intercept X: How to deal with CredGuard Detection

    I'm more than happy to check any other test that our product may be failing at! Feel free to PM me anytime. 

    Thanks,

    Vikas
