Search found 21 matches

by stvs
Mon May 13, 2013 4:22 pm
Forum: Beta Version 4.01
Topic: [.09] Drop Rights problem / Chrome PDF issues
Replies: 13
Views: 10483

thanks tzuk :D so we dont need drop rights anymore!
by stvs
Sun May 12, 2013 6:46 pm
Forum: Beta Version 4.01
Topic: [.09] Drop Rights problem / Chrome PDF issues
Replies: 13
Views: 10483

i have exactly the same problem too
by stvs
Wed Apr 10, 2013 2:10 pm
Forum: Beta Version 4.01
Topic: [.05] Major slowness with 4.01
Replies: 22
Views: 16057

confirmed. 4.01.05 is faster than previous 4.01.x i had also some slowness issues too.tnx tzuk
by stvs
Wed Mar 20, 2013 11:29 pm
Forum: Problem Reports
Topic: Using kernel exploits to bypass Sandboxie
Replies: 5
Views: 5212

hi. actualy is the windows weak t2embed.dll true type font engine vulnerability and not a sandboxie weak architecture duqu (stuxnet family) can explot exactly that to access kernel to bypass all(?) security programs a temporary workaround is :Resource Access > File Access > Blocked Access and add c:...
by stvs
Mon Mar 18, 2013 2:53 pm
Forum: Problem Reports
Topic: Sandboxie bypassed
Replies: 91
Views: 30068

thanks tzuk ,buster and all of you for your efforts about our beloved sandboxie :) BTW 4.01.04 is runnning smoothly win 7 64 bit
by stvs
Sun Mar 17, 2013 11:54 am
Forum: Problem Reports
Topic: Sandboxie bypassed
Replies: 91
Views: 30068

finaly a POC ,this will help for sure thanks buster :)
by stvs
Sat Mar 16, 2013 9:30 pm
Forum: Problem Reports
Topic: Sandboxie bypassed
Replies: 91
Views: 30068

UPDATE: trojan gabz cant run in my sandboxie 3.76 64 bit maybe its sandboxie aware but i dont care :D
but is this the real trojan tha buster mentioned? :roll:
by stvs
Sat Mar 16, 2013 9:01 pm
Forum: Problem Reports
Topic: Sandboxie bypassed
Replies: 91
Views: 30068

theoretically as tzuk said the sandboxie will isolate it perfectly i just received a sample of that trojan and i will try it in the real sytem :twisted: i hope its the right trojan as buster mentioned i want to see if the SetWindowLong and SetWindowLongPtr can be used to bypass sandboxibe be patient...
by stvs
Sat Mar 16, 2013 7:40 pm
Forum: Problem Reports
Topic: Sandboxie bypassed
Replies: 91
Views: 30068

hi . as tzuk said "I would like to revise my earlier comments about this. I was reading up on this a bit and it seems that a process can't use SetWindowLong (or SetWindowLongPtr) to adjust the window procedure address for a window which belongs to another process. " according tzuk the gabz cant work...
by stvs
Sat Mar 16, 2013 7:03 pm
Forum: Problem Reports
Topic: Sandboxie bypassed
Replies: 91
Views: 30068

confirmed: its a gabz family variant B and injecting a shellcode into explorer.exe address space how it works: http://www.welivesecurity.com/2012/12/27/win32gapz-steps-of-evolution/ it uses 5 steps 1. Open one of the shared sections from BaseNamedObjects mapped into explorer.exe address space, and w...
by stvs
Sat Mar 16, 2013 12:05 pm
Forum: Problem Reports
Topic: Sandboxie bypassed
Replies: 91
Views: 30068

This is variant B. I have this malware sample and I will test it soon. Thanks!
might SE7EN can help here
by stvs
Sat Mar 16, 2013 9:44 am
Forum: Problem Reports
Topic: Sandboxie bypassed
Replies: 91
Views: 30068

indeed after Peter2150 comments i think something strange is happening here :roll:
by stvs
Sat Mar 16, 2013 6:53 am
Forum: Problem Reports
Topic: Sandboxie bypassed
Replies: 91
Views: 30068

anyway buster said sbie 3.76 and 4.01 is vulnerable and due to security reasons my opinion is to inform users til the fixed release
by stvs
Thu Mar 14, 2013 6:56 pm
Forum: Problem Reports
Topic: Sandboxie bypassed
Replies: 91
Views: 30068

sorry buster my bad i was in a hurry :) do u know if this can work in 4.0.3 too?
by stvs
Thu Mar 14, 2013 5:57 pm
Forum: Problem Reports
Topic: Sandboxie bypassed
Replies: 91
Views: 30068

nice find but its a serious issue how come an old trick (2008) can still work in the new releases
so for a 5 years a go users had a false sence of security??
this topic worth a high attention !!