The Adventures of AV and the Leaky Sandbox, July 25-27 2017

The Adventures of AV and the Leaky Sandbox By Black Hat July 25-27 2017

In this presentation, we describe and demonstrate a novel technique for exfiltrating data from highly secure enterprises whose endpoints have no direct Internet connection, or whose endpoints’ connection to the Internet is restricted to hosts used by their legitimately installed software. Assuming the endpoint has a cloud-enhanced antivirus product installed, we show that if the anti-virus product employs an Internet-connected sandbox in its cloud, it in fact facilitates such exfiltration.

By Itzik Kotler & Amit Klein

Full Abstract & Presentation Materials:

Good to know that Comodo reacted very quickly! :-TU

Very, very interesting and thanks for posting this!!! :-TU :wink:

:slight_smile: Thanks, if I find anything more interesting I will post it too, and PM you.

:-TU :wink: