Meterpreter_Defender

Category: Antivirus
Development tool: Visual Basic .NET
File size: 0KB
Downloads: 0
Upload date: 2019-11-20 19:39:58
Uploader: sh-1993
Description: A wrapper for Meterpreter_Payload_Detection.exe to turn it into a reliable background task with logging and email notifications.

File list:
Documentation/ (0, 2019-11-20)
Documentation/Meterpreter_Defender.vbs_Changelog.txt (1551, 2019-11-20)
Documentation/Meterpreter_Defendere.vbs_License.txt (35149, 2019-11-20)
Documentation/Meterpreter_Payload_Detection.exe_License.txt (392, 2019-11-20)
Documentation/sendmail.exe_license.txt (10758, 2019-11-20)
LICENSE (35149, 2019-11-20)
Meterpreter_Defender.vbs (12036, 2019-11-20)
Meterpreter_Payload_Detection.exe (17920, 2019-11-20)
libeay32.dll (1112064, 2019-11-20)
sendmail.exe (932864, 2019-11-20)
sendmail.ini (1995, 2019-11-20)
ssleay32.dll (275968, 2019-11-20)

NAME: Meterpreter_Defender
TYPE: VBS Script
PRIMARY LANGUAGE: VBScript
AUTHOR: Justin Grimes
ORIGINAL VERSION DATE: 11/18/2019
CURRENT VERSION DATE: 11/20/2019
VERSION: v1.2

DESCRIPTION: An application for detecting and defending against in-memory hacking tools and exploitations. Specifically made to detect Meterpreter-based payloads. Reports information about potential Meterpreter payload detection via email and log files. Destroys detected Meterpreter settings upon detection.

PURPOSE: To detect and mitigate Meterpreter-based payloads automatically and with visibility.

INSTALLATION INSTRUCTIONS:
1. Install Meterpreter_Defender into a subdirectory of your Network-wide scripts folder.
2. Open Meterpreter_Defender.vbs with a text editor and configure the variables at the start of the script to match your environment.
3. Open sendmail.ini with a text editor and configure your email server settings.
4. Run the script automatically on domain workstations at machine startup as SYSTEM with a GPO.

NOTES:
1. This script MUST be run with administrative rights.
2. If this script is started in regular user mode, it will prompt for administrator elevation.
3. "Fake Sendmail for Windows" is required for this application to send notification emails. Per the "Fake Sendmail" license, the required binaries are provided.
4. To reinstall "Fake Sendmail for Windows" please visit https://www.glob.com.au/sendmail/
5. Use absolute UNC paths for network addresses. DO NOT run this from a network drive letter. The restartAsAdmin() function will not work properly.
6. If using as a startup/logon script, it is advised to use a conditional that checks for the presence of the script prior to running it.
7. "Meterpreter_Payload_Detection.exe" by Damon Mohammad Bagher is required and included with this application.
8. To reinstall "Meterpreter_Payload_Detection.exe" please visit https://github.com/DamonMohammadbagher/Meterpreter_Payload_Detection
9. For a really interesting blog post about detecting Meterpreter Payloads, please visit https://www.linkedin.com/pulse/detecting-meterpreter-undetectable-payloads-scanning-mohammadbagher/?trk=pulse_spock-articles
