Please PM me a description of the exploit, and any relevant files, and I will pass these on to Comodo. Note that to do this you should upload any relevant files to a file sharing site, as it’s not possible to attach files to a PM.
By the way, I am not an employee of Comodo. I am a volunteer Moderator, but I can forward these to the developers.
The “reward” is to help the whole COMODO community stay protected.
COMODO gives a superior product FOR FREE, while other PAID products are not as good as they say they are.
It’s all about win/win. COMODO provides for free to any users, and we collaborate for free with COMODO when we find bugs, exploits, etc. This makes the product stronger and we are also helping to protect OURSELVES even better.
If you want Comodo to consider buying your exploit, they’re going to want a detailed description, especially since most of the people that claim “big exploit” are not really a big exploit and in some cases they’re fake. Using the search feature in the Comodo forums will show you some of that.
One of the things they’re going to want to know is which configurations you are referring to and which Windows it is (32- or 64-bit) (XP, Vista, 7, 8, 8.1).
Some examples: Will it only work under default? Do you have to infect the computer first before installing Comodo? Can you make a video showing what you’re talking about?
Will it work with proactive settings?
Will it work with HIPS set to “paranoid mode”?
Can it break out of the sandbox, and if so, how far (Partially Limited, Limited, Restricted, Untrusted and/or Fully Virtualized)?
You get the idea.
P.S. Some ransomware can bypass the sandbox only “partially limited” but not limited. They are aware of this situation.
Who should know about it? And is there a reward?
First, the video pauses around 1:14. The screen shows 2 blocked intrusions. Then in a blink they’re gone. Would that be from DNS changes? <--- but that’s the least of the issue
Why did you disable HIPS?? Comodo is geared more toward business security. Businesses use HIPS. As for customer software, most people have CIS in default settings. Why strip down the settings? Think of it the other way around: most people leave their settings at default or they tweak them (tweak them to increase security). As for blocking online cloud analysis, I fully understand why blocking online cloud scanning
The only thing I see is a RAT that’s been recrypted, maybe a new binder, whatever. That’s just so it doesn’t get flagged by an AV.
I’m all for you making money on this, but you haven’t shown anything. If it’s because it’s a public forum, then PM me your exploit; also, you’re going to need someone to vouch for you. I will vouch for you when you prove it. (There’s no way you can possibly be considered for getting paid if your work can’t be verified. It’s just like the underground hacking scene.)
Also, if it comes down to you not going to prove it, I’m going to assume you’re a ripper and this thread will get locked.
Thread reopened due to a response back from the author. If you haven’t read the whole thing from the beginning, I put the YouTube video link back.
Futhers,
I would strongly recommend sending a PM to “Egemen” to discuss. I believe it would be licenses for CIS Complete and/or Trustconnect. I would PM Egemen as to what can actually be done, though.
Ok, let’s see what this issue is about.
However, in the future, the ethical way to follow would be reporting the vulnerability to us in private, letting us fix the issue and issue the update before you disclose the vulnerability.
This way we will be able to protect the customers before they are exploited. And in the updates, we will officially thank and credit you.
This is an unwritten rule in the security industry and it’s the best path to follow. You can PM me on these any time.
IDK if it is correct to write here. I just wanna say that Malwarebytes Anti-Exploit BETA has “mbae-test.exe” (at least 0.9.4.1000 beta had it), which is kinda an “eicar” for checking anti-exploits. EMET detects it as “EAF”. CIS even in paranoid doesn’t detect it. Maybe it helps.