Killed cfp.exe demonstration video by mj0011

[Guest]

[sirio]

http://www.wilderssecurity.com/showthread.php?p=1567985#post1567985

Video download: http://e.ys168.com/note/fd.htm?http://ys-G.ys168.com/?killcis.rar_50chkk8e1dks7bkks0c0bthsjtlrlllh5bikslm1biu14z97f14z

click on left button and download killcis.rar

[Kyle]

Already posted here earlier.
http://forums.comodo.com/empty-t47132.0.html;topicseen

[sirio]

Sorry, I had not attentively looked.

Thanks Kyle

[SS26]

Video download: http://e.ys168.com/note/fd.htm?http://ys-G.ys168.com/?killcis.rar_50chkk8e1dks7bkks0c0bthsjtlrlllh5bikslm1biu14z97f14z

click on left button and download killcis.rar

Drops an error on screen.  Not downloading.....

[sirio]

Have you tried to download it with Internet Explorer?

In the case you still had problems, I attach the file.

There are some things that make me be sceptic. For example, why CIS is not correctly (attached screen) initialized while him is performing the test?

[3DNow]

because before test cfp.exe , he was kill cmdagent.exe with killcis.exe the first.
However, process protection is still at work

[sirio]

because before test cfp.exe , he was kill cmdagent.exe with killcis.exe the first.

Ok, why he doesn't make it see?

However, process protection is still at work

I imagined...

Have you the PoC?

[evil_religion]

If you have acccess to the POC it would be nice if you could share it here.

[3DNow]

I'll give you some tips:
(1). in the video , the cfp.exe process is not quickly terminated , so this may be a force attack and depending on some mechanism inside the process
(2).CIS's driver donot hook the function :NtFreeVirtualMemory , which can be use to free all the memory in any process.

[sirio]

Thank you for the tips 3DNow,
I'm a person simple, ignorant.. and then I am as San Thomas: if I don't see I don't believe
I would like to try in my pc.

My doubt remains: why he doesn't show us in the video when cmdagent comes killed?


Regards.

[SS26]

Have you tried to download it with Internet Explorer?

Nope.

I attach the file.

Thanks

[egemen]

I'll give you some tips:
(1). in the video , the cfp.exe process is not quickly terminated , so this may be a force attack and depending on some mechanism inside the process
(2).CIS's driver donot hook the function :NtFreeVirtualMemory , which can be use to free all the memory in any process.

You dont need to hook NtFreeVirtualMemory because you have to obtain PROCESS_VM_OPERATION access right to COMODO processes first and this is intercepted by CIS.
Obviously one doesnt produce videos for getting the credit. He will have to do something real.
When we see the PoC, we will see what this is about Poking our products for holes is always a good thing.

[3DNow]

oha,if your useless NtOpenProcess hook is bypassd,you still can say that?i have told u i only give u some tips..now u can still believe u open hook is unbreakable.haha

[egemen]

oha,if your useless NtOpenProcess hook is bypassd,you still can say that?i have told u i only give u some tips..now u can still believe u open hook is unbreakable.haha

Oh you scared me now

[commanding the celsius]

Providing a video but not the tool gives you pretty much the same credibility as a magician you see on tv able to turn water into gold.. I don't buy it, until they made me some.. 

Anyone can crash anything in a video.. Heck I could even be the president of the united states in a video, don't believe everything you see, especially when it can't be confirmed..   

I buy this "crash" when I see a PoC..

Until then this video is just purely trolling.. Anyone believing something else probably needs his/her mind checked..

[Tags:]