Document Title : pbdshell - bypassing heuristic detection system
Author : Lawrence Amer
Date : 2019-01-06
The attacker is able to bypass most (96 %) of anti-virus products and heuristic detection systems, including Kaspersky's product.
pbdshell is a reverse shell that allows remote attackers to execute system commands on an infected computer by spawning cmd.exe shells.
The method depends on a socket function written in Pascal. According to tests, the reverse connection is established under a low-privileged user account, with no user interaction and no UAC prompt.
1. Inspect running processes frequently.
2. Monitor network traffic with Wireshark, tcpdump, or similar tools.
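The two detection steps above can be correlated: a reverse shell of the kind described holds an outbound connection and then spawns cmd.exe under that same process. The following is an added example (not part of the advisory and not pbdshell's code) that flags cmd.exe children of any process with an established connection to a non-internal address; the process and connection snapshots are constructed sample data, and the process names, PIDs and addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str

@dataclass(frozen=True)
class Conn:
    pid: int
    remote_ip: str
    remote_port: int
    state: str

# Loopback, RFC 1918 and link-local ranges are treated as internal.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
                  "192.168.0.0/16", "169.254.0.0/16")]

def is_external(ip: str) -> bool:
    """True when the address falls outside every internal range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def suspicious_shells(procs, conns):
    """Return (cmd_pid, parent_pid, parent_name, remote) for each cmd.exe
    whose parent holds an ESTABLISHED connection to an external host."""
    by_pid = {p.pid: p for p in procs}
    outbound = {}  # pid -> list of "ip:port" external peers
    for c in conns:
        if c.state == "ESTABLISHED" and is_external(c.remote_ip):
            outbound.setdefault(c.pid, []).append(f"{c.remote_ip}:{c.remote_port}")
    hits = []
    for p in procs:
        if p.name.lower() == "cmd.exe" and p.ppid in outbound:
            pname = by_pid[p.ppid].name if p.ppid in by_pid else "?"
            hits.extend((p.pid, p.ppid, pname, r) for r in outbound[p.ppid])
    return hits

# Constructed sample snapshots: explorer.exe -> cmd.exe is a user-opened prompt;
# the hypothetical "updater.exe" holds an outbound connection and spawns cmd.exe.
SAMPLE_PROCS = [
    Proc(4, 0, "System"), Proc(1200, 4, "explorer.exe"), Proc(3100, 1200, "cmd.exe"),
    Proc(2500, 1200, "updater.exe"), Proc(2600, 2500, "cmd.exe"), Proc(2900, 1200, "chrome.exe"),
]
SAMPLE_CONNS = [
    Conn(2900, "203.0.113.7", 443, "ESTABLISHED"),      # browser: no cmd.exe child, ignored
    Conn(2500, "198.51.100.23", 4444, "ESTABLISHED"),   # parent of cmd.exe 2600: flagged
    Conn(3100, "127.0.0.1", 8080, "ESTABLISHED"),       # loopback: ignored
]

if __name__ == "__main__":
    for hit in suspicious_shells(SAMPLE_PROCS, SAMPLE_CONNS):
        print("suspicious cmd.exe pid=%d parent=%d (%s) remote=%s" % hit)
```

On a live host the two snapshots would come from a process listing and a netstat-style connection table taken at the same moment; the correlation logic is unchanged.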
The source code and compiled binary were not shared or executed on users' systems; the purpose of this advisory is to show the impact and risks to Internet-connected computers.