1/4
Popping shells from #antivirus via SMTP proved extraordinarily tedious in 1997-1999. I put eyeballs on Eric Issacson's "D86" debugger to determine how many NOPs to pad -- often different values because AV firms secretly slipped software patches inside "signature updates"
Popping shells from #antivirus via SMTP proved extraordinarily tedious in 1997-1999. I put eyeballs on Eric Issacson's "D86" debugger to determine how many NOPs to pad -- often different values because AV firms secretly slipped software patches inside "signature updates"
https://twitter.com/vmyths/status/1285577252340629505
2/4
Then, of course, you've got to build an "unanticipated attachment" so the #antivirus will puke when it scans email
Things like a ZIP file w/ zero files in it ... or a file larger than their own hard limit (while hoping it didn't exceed the disk drive's limit) ... and so on
Then, of course, you've got to build an "unanticipated attachment" so the #antivirus will puke when it scans email
Things like a ZIP file w/ zero files in it ... or a file larger than their own hard limit (while hoping it didn't exceed the disk drive's limit) ... and so on
3/4
And people would ask "why did some #antivirus have hard limits on file size?"
Well, at least one AV product needed hard limits so they didn't CRIPPLE mail delivery.
A hard-coded limit meant you'd get *past* it to the mail server that used a different vendor's product...
And people would ask "why did some #antivirus have hard limits on file size?"
Well, at least one AV product needed hard limits so they didn't CRIPPLE mail delivery.
A hard-coded limit meant you'd get *past* it to the mail server that used a different vendor's product...
4/4
Oh! And MTAs enforced a 10MB attachment limit back then so everybody used ZIPs to get around it. #Antivirus knew this and scanned recursive ZIPs.
You could recurse 9GB of .exe files into a 9.1MB attachment -- useful if you just wanted the AV to crash WinNT on a 9GB SCSI 👹
Oh! And MTAs enforced a 10MB attachment limit back then so everybody used ZIPs to get around it. #Antivirus knew this and scanned recursive ZIPs.
You could recurse 9GB of .exe files into a 9.1MB attachment -- useful if you just wanted the AV to crash WinNT on a 9GB SCSI 👹
5/4
I recalled this from 23yr-old memories so the technical details might be a bit off but I know you'll get the gist of it
FYI, #antivirus technology was primitive back then; I learned there was an unwritten law that forbid hackers to exploit AV products even as a PoC
I recalled this from 23yr-old memories so the technical details might be a bit off but I know you'll get the gist of it
FYI, #antivirus technology was primitive back then; I learned there was an unwritten law that forbid hackers to exploit AV products even as a PoC
• • •
Missing some Tweet in this thread? You can try to
force a refresh
