HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Sharp observation! Keystroke Encryption is indeed under System Security but is currently only applied to web browsers since we're still working on the technology.
     
  2. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    If you assign the app to the 'Browser' template, its keystrokes will be encrypted.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
  4. Any explanation on the test method, not really great PR when HMP3 is outperformed by EMET 4.1

    Link http://pcsl.r.worldssl.net/report/exploit/rce_mitigations_201408_en_malwarebytes.pdf
     
    Last edited by a moderator: Aug 12, 2014
  5. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Yes, with disbelief we took note of this comparative test. I will not go into details but we filed a complaint and insist on removal of our beta software from their report. Because even though this report states that they downloaded the software from the official website, our software is not even released or on our website. That is because our software is still in development, attesting the preview builds that we only post here, which only include functionality that we would like to have tested. Our software clearly states Preview and the release notes state that it is not for production environments.
    In addition, the test was not done carefully. For example, the tester did not add the standalone QuickTime player to Alert's Exploit Mitigations while testing CVE-2012-0663.
    Since we did not ask PCSL to include our experimental software nor gave them permission to put it up against production software, we can only believe that their client insisted on including it for no other reason than slander.
     
  6. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    According to PCSL's Exploit Mitigations Test report, HitmanPro.Alert 3 CTP2 did not stop many exploits. We tested some of the exploits that we apparently 'failed' and made a video. In this video you will see CVE-2012-0663 QuickTime, CVE-2012-4792 IE8, CVE-2013-3163 IE8 and 2 x CVE-2013-1488 Java7.

    PCSL's report does not give details on the used configuration, if it was a virtual environment or what kind of payloads were set up in Metasploit. So in the video you will see that the Metasploit exploit either tries to start the Windows Calculator or, in case of Java, initiate a Meterpreter Shell. The first 3 exploit attempts are blocked on the exploit technique and both Java tests are blocked on 'sandbox escape'.

    Enjoy the show: https://www.youtube.com/watch?v=4re2p-Yf8dQ&feature=youtu.be
     
  7. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    Hi
    Markloman, Erikloman,
    it is possible to perform a future test to other laboratories (AV-C..........)?
    TH.
     
  8. So when I understand it correctly, this adds 8 to the protected score, but still behind EMET4 protection wise. Even with this corrected score, this is no good PR since the report is still downloadable and available for download. I uninstalled MBAE-free :shifty:
     
    Last edited by a moderator: Aug 13, 2014
  9. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,243
    CTP2 and latest beta Sandboxie 4.13.2: doesn't work (Vista 32 bits).
     
  10. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    o_O Who has time to watch a movie of over an hour? I just picked a few to show that the report is bogus, not to gain points. We insisted on being removed from the report and I expect that this will happen soon.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes, it would be interesting to know why the other exploits were missed, purely from a technical point of view. :)
     
  12. True, I sort of opted out of the MBAE-HMPA controversy and chose EMET 5 :)
     
  13. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Report now states Malwarebytes ordered this test in red text. Makes you wonder what intentions the report really had... other than just to bad-mouth other products. Especially when Malwarebytes wanted a technical preview of HMP.A included.
     
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I guess this is what happens. Malwarebytes pays for a test and insists on including our preview product before it is out of the garage. We complain. The end user walks away. Well played.
     
  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    ... Anyway. Erik, is there any news on CTP-3?

    Thanks. ;)
     
  16. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    After Malwarebytes insisted (and paid for) our development builds to be tested against production software, by a test organisation (!), we are reevaluating our stand on publishing development builds. Hope you understand.
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Oh, OK. I'm sorry to hear that but yes I can certainly understand.

    I am still keen and willing to test new versions for you should you need testers. Feel free to PM me - any time.

    Cheers!
     
  18. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    They should better iron out existing bugs and glitches in their own software.
     
  19. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    :(

    Keep up the good work!
     
  20. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Yes, that's understandable. I would be happy to be part of a closed beta with an NDA.
     
  21. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Yeah, me too.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Well, EMET is not really geared toward "non expert" users, and I don't even like it, so I will stick with MBAE and HMPA. I think that HMPA can still be successful if marketed in the right way, and if it performs well in the forthcoming tests. :)
     
  23. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    881
    Location:
    Virginia, USA
    Uh, the end user in that case walked away from MBAE, not Hitman. You conveniently left that part off...

    It is sort of entertaining... but I don't understand from the Hitman perspective why you would want to push this little soap opera forward...??
     
  24. BBss

    BBss Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    23
    Sorry, my trial expired already, can't test the anti-exploit at the moment. You could try VPN to get German IP, don't know which other countries are supported from that site at the moment.
     
  25. guest

    guest Guest

    What about this? Shouldn't it be removed as well until HPA gets to the final version?

    http://dl.surfright.nl/Alert-3/HitmanPro-Alert-3-Datasheet.pdf
    Could you please share the test and details of EMET, HPA, and MBAE against all these exploit techniques described in the PDF?
    Thanks
     