Document Title : pbdshell - bypassing heuristic detection system

Author : Lawrence Amer
Date : 2019-01-06

Description :
An attacker is able to bypass most anti-virus products (96 %) and heuristic detection systems, including the Kaspersky product. pbdshell is a reverse shell that allows remote attackers to execute system commands on an infected computer by spawning shells through cmd.exe. The method depends on a socket code function written in Pascal. According to tests, the reverse connection is made under low user roles, with no user interaction or UAC.

Recommendation :
1. Inspect running processes frequently.
2. Monitor traffic with Wireshark, tcpdump, etc.

Notice : The source code and the compiled version were not shared or executed on users' systems. The purpose of this advisory is to show the impact and risks for online computers.
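The two recommendations above can be combined into one check: flag any cmd.exe whose parent or earlier ancestor holds an established outbound connection. The following is an added example, not part of the original advisory and not pbdshell code; the record fields, process names and addresses are constructed assumptions rather than a real log schema.

```python
import ntpath

# Constructed sample records; field names are simplified assumptions, not a real log schema.
PROCESS_EVENTS = [
    {"pid": 4012, "ppid": 812, "image": r"C:\Windows\explorer.exe"},
    {"pid": 5120, "ppid": 4012, "image": r"C:\Windows\System32\cmd.exe"},  # console opened by the user
    {"pid": 6644, "ppid": 4012, "image": r"C:\Users\alice\AppData\Local\Temp\viewer.exe"},
    {"pid": 6700, "ppid": 6644, "image": r"C:\Windows\System32\cmd.exe"},  # shell under a networked parent
    {"pid": 7100, "ppid": 6700, "image": r"C:\Windows\System32\CMD.EXE"},  # nested shell, same ancestor
    {"pid": 7010, "ppid": 4012, "image": r"C:\Program Files\Browser\browser.exe"},
]
NETWORK_EVENTS = [
    {"pid": 6644, "direction": "outbound", "remote": "203.0.113.45:4444", "state": "ESTABLISHED"},
    {"pid": 7010, "direction": "outbound", "remote": "198.51.100.7:443", "state": "ESTABLISHED"},
]
SHELLS = {"cmd.exe"}


def find_networked_shells(process_events, network_events, shells=SHELLS, max_depth=4):
    """Return shell processes that descend from a process with a live outbound connection."""
    procs = {p["pid"]: p for p in process_events}
    outbound = {}
    for conn in network_events:
        if conn["direction"] == "outbound" and conn["state"] == "ESTABLISHED":
            outbound.setdefault(conn["pid"], []).append(conn["remote"])

    findings = []
    for proc in process_events:
        # Windows image names are case-insensitive, so compare lowercased basenames.
        if ntpath.basename(proc["image"]).lower() not in shells:
            continue
        seen, pid = {proc["pid"]}, proc["ppid"]
        for _ in range(max_depth):  # bounded walk up the parent chain
            parent = procs.get(pid)
            if parent is None or pid in seen:  # unknown parent or a pid loop
                break
            if pid in outbound:
                findings.append({"shell_pid": proc["pid"], "ancestor_pid": pid,
                                 "ancestor_image": parent["image"],
                                 "remotes": outbound[pid]})
                break
            seen.add(pid)
            pid = parent["ppid"]
    return findings


if __name__ == "__main__":
    for hit in find_networked_shells(PROCESS_EVENTS, NETWORK_EVENTS):
        print(hit)
```

A process that only makes outbound connections (the browser) or a console started from the desktop shell is not reported; only the combination of the two is.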
