Evasion with OLE2 Fragmentation
Posted by H D Moore on May 15
Something to keep in mind when using Office doc exploits during
penetration tests:
–
http://www.breakingpointsystems.com/community/blog/evasion-with-ole2-fragmentation
(links active within in the article itself)
Re: Evasion with OLE2 Fragmentation
Posted by Jeffrey Walton on May 16
> Its embarrassing that so many products fail to detect
> known threats that have the exact same byte stream…
Try the EICAR test string using an arbitrary location within the file
(rather than starting at offset 0). Only four scanner engines on
VirusTotal.com detected the string when…
URL: http://seclists.org/pen-test/2009/May/0048.html