Product version: COMODO Internet Security 7.0.308911.4080 BETA
2. Operating System: xp3 (x32) running in VMware Player
3.Configuration: Default IS configuration
It is the ncat tool used as a backdoor, acting as a shell (on the target) for a server on the attacker's system, and packed with a bat.file.
Role of the bat.file:
- allowing the ncat command on the target to connect to the server through an SSL-encrypted package
- making a registry value for ncat which allows the backdoor to work after reboot
Backdoor 2
It is an encrypted Python backdoor which injects PowerShell into memory in a VirtualAlloc pattern using a Meterpreter payload.
Thank you. Could you please edit your first post so that it is in the required format? Also, please attach a diagnostics report.
In addition, could you please PM me a download link for the POC? I will adhere to the rules you presented in your other bug report, and in addition I promise not to share it with any other users. I will just put a download link in the tracker so the devs can use this for testing.
Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.
Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.
From my understanding, the devs have not been able to confirm this as a legitimate bypass. Thus, I will move this to Resolved. I will let you know if I receive an update on this status.