Exploitshield?

How many of you are still using this product? I read through the post awhile ago about it and decided to watch some videos and I have it installed now. the only problem is i've been trolling signatures and ive noticed that no one is really using it, why is this? from the day ive been using it I really like it (I know its been intergrated into panda cloud, atleast I believe it has been )

 

No, it is not integrated into PCA, as they are two totally different programs and this was verified by the ES dev. The beta tag probably keeps more from using it.

 

Thanks for the clarrification, I didnt see where I dev. replied. More people should give it a try though even with the "Beta" tag. It's running smooth as silk on my system. There has been some POC bypasses of it just like there has been for ERP but for the most part (and by most I meann 99% it works.

 

I like it too. Here's pbust's reply regarding PCA: https://www.wilderssecurity.com/showpost.php?p=2152496&postcount=10

 

I'm kind of wondering what it offers compared to EMET, as they both seem to protect against exploits.

 

Can applications be manually added to the free version just like EMET.?

 

I would say that EMET is system wide, where ES (at least the browser edition that we use) protects the browser.

 

Name seems misleading. They say it protects against exploits, but I don't really see that. Not interested in having a big argument about it though.

I'd rather EMET, though they're two *completely* different programs.

 

http://www.zerovulnerabilitylabs.com/home/exploitshield/
http://www.zerovulnerabilitylabs.com/home/exploitshield/browser-edition/

Yes of course "ExploitShield Browser Edition" is totally misleading.

You don't see what? first, do you know what is an exploit and how it works?
http://www.zerovulnerabilitylabs.com/home/blog/

http://download.cnet.com/8301-2007_4-57521983-12/exploitshield-appears-to-live-up-to-its-name/

 

I'm quite sure I know what an exploit is and how it works. I'd be more than willing to bet I know more about it than you do, actually, but I'm just too nice to go into that.

Again, I find the name misleading and absolutely nothing you've posted changes that. In the ExploitShield topic I already posted that I would consider preventing stage 1/2 payloads as preventing an exploit, whereas ExploitShield really only kicks in at the end of an attack with the final payload. It was already brought up in the other topic that it doesn't prevent shellcode.

I'm glad to see how effective marketing can be, though. Always nice to be reminded.

I'm working on other projects right now (CCDC) but afterwards I think I'll have my team look at ExploitShield in depth. I'll run it by them, and see if they'd be interested in publishing something formally. A whitehat security firm already did an analysis - I find ExploitShield's response lacking, as they focused on noncritical areas, and the criticism from the whitehat security firm was dead on in that it was a misunderstanding of what "exploit" means.

 

Summarizing ExploitShield really stop the exploit

 

I'll add it to my setup when it's had a chance to mature. I'm not against beta testing, but I really would prefer a pro version with more "corporate" features.

 

ExploitShield intercepts the chain of events of most web based intrusions. This can be achieved with other means also, and the API's monitored by ES are not the only ones a malware can use.

That said when it would mature I would certainly put it on the PC's of an average Joe or Jane, side by side with HitmanPro Alert (when it will arrive).

 

ExploitShield intercepts the chain of events of most web based intrusions. The API's monitored by ES are not the only ones a malware can use.

That said when it comes out of Beta, I would certainly put it on the PC's of an average Joe or Jane, side by side with HitmanPro Alert final