Meterpreter_Payload_Detection icon indicating copy to clipboard operation
Meterpreter_Payload_Detection copied to clipboard

Published 20 hours ago verified publisher icon DamonMohammadbagher

Signature?

Open vvalien opened this issue 8 years ago • 2 comments

Not a issue, just a question... What exactly is that a signature of ???

Also the ability to dump the memory would make a nifty feature.

Cheers and Awesome work!!!

vvalien avatar Dec 19 '16 03:12 vvalien

for detail information about signature you should ask from these guys : Rohan Vazarkar , David Bitner ,

DamonMohammadbagher avatar Dec 19 '16 04:12 DamonMohammadbagher

Hello!

I too am greatly interested in this project as well as AntiPwny (by Rohan Vazarkar and David Bitner).

I wanted to give you guys the heads up that I have asked a similar question about this signature over at https://github.com/rvazarkar/antipwny/issues/3

It appears that Meterpreter_Payload_Defense took the original signature, shortened the hex to omit the "0x" portion, and encoded it as base64. The original signature from Rohan Vazarkar and David Bitner doesn't have much in the way of comments or background information either. It would be interesting to know where it came from so we could possibly hone it in, or extend it to detect other injected payloads as well.

Thanks for posting!

zelon88 avatar Jan 10 '20 19:01 zelon88