NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    167
    Location:
    Poland
    So even further locking down established policies against credential dump with OSA and ERP will not help against Mimikatz (I checked and I should be immune to it), because the attackers could still import registry settings and bypass everything via API? Pardon me but this is complicated, I will not understand everything right after your forum post, that's why I am grateful you are here helping me

    some rules I wrote:
    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Security Packages"=hex(7):6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,00,\
    00,6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,73,00,63,00,68,00,61,00,6e,00,\
    6e,00,65,00,6c,00,00,00,77,00,64,00,69,00,67,00,65,00,73,00,74,00,00,00,74,\
    00,73,00,70,00,6b,00,67,00,00,00,00,00
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,credssp.dll"
    rem import via cmd
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LSASS.exe" /v AuditLevel /t REG_DWORD /d 00000008 /f
    reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v RunAsPPL /t REG_DWORD /d 00000001 /f
    reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest" /v Negotiate /t REG_DWORD /d 0 /f
    reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest" /v UseLogonCredential /t REG_DWORD /d 0 /f
    reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v DisableRestrictedAdmin /d 0 /t REG_DWORD /f
    reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v DisableRestrictedAdminOutboundCreds /t REG_DWORD /d 00000001 /f
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v CachedLogonsCount /t REG_SZ /d 0 /f
    reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" /v NtlmMinClientSec /t REG_DWORD /d 0x20080000 /f
    reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" /v NtlmMinServerSec /t REG_DWORD /d 0x20080000 /f
    reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v everyoneincludeanonymous /t REG_DWORD /d 0 /f
    reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LMCompatibilityLevel /t REG_DWORD /d 5 /f
    rem logon
    reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableCAD /t REG_DWORD /d 0 /f
    reg add "HKLM\SYSTEM\CurrentControlSet\services\Netlogon\Parameters" /v DisablePasswordChange /t REG_DWORD /d 1 /f
    reg add "HKLM\SYSTEM\CurrentControlSet\services\Netlogon\Parameters" /v RequireStrongKey /t REG_DWORD /d 1 /f
    reg add "HKLM\SYSTEM\CurrentControlSet\services\Netlogon\Parameters" /v RequireSignOrSeal /t REG_DWORD /d 1 /f
    reg add "HKLM\SYSTEM\CurrentControlSet\services\Netlogon\Parameters" /v SignSecureChannel /t REG_DWORD /d 1 /f
    reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v undockwithoutlogon /t REG_DWORD /d 0 /f
    reg add "HKLM\SYSTEM\CurrentControlSet\services\Netlogon\Parameters" /v SealSecureChannel /t REG_DWORD /d 1 /f
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v BlockDomainPicturePassword /t REG_DWORD /d 1 /f
    reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI" /v EnableSecureCredentialPrompting /t REG_DWORD /d 1 /f
    reg add "HKLM\Software\Policies\Microsoft\Windows\CredUI" /v DisablePasswordReveal /t REG_DWORD /d 1 /f
    reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v dontdisplaylastusername /t REG_DWORD /d 1 /f
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v CachedLogonsCount /t REG_SZ /d 0 /f
    net accounts /MINPWLEN:20 /MAXPWAGE:30 /MINPWAGE:29 /UNIQUEPW:3
    net accounts /LOCKOUTTHRESHOLD:3
    net accounts /LOCKOUTDURATION:70
    net accounts /LOCKOUTWINDOW:70
    rem no storage for domain password
    reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v disabledomaincreds /t REG_DWORD /d 1 /f
    checked with this:
    wmic useraccount list full
    net accounts
    reg query HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential
     
    Last edited: Jun 4, 2019
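
The verification step at the end of the post above, extended into a read-only audit of the LSA, WDigest and NTLM values that the post's `reg add` lines set. This is an added example, not part of the original post; the function name `Test-RegistryBaseline` and the variable names are hypothetical, and it assumes an elevated PowerShell prompt on a machine where PowerShell is still available.

```powershell
# Added example: read-only drift check for the credential-hardening values
# listed in the post. Nothing is written to the registry.

$lsa      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$wdigest  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Expected values, taken from the post's reg add lines.
$baseline = @(
    @{ Path = $lsa;      Name = 'RunAsPPL';                            Value = 1 }
    @{ Path = $lsa;      Name = 'DisableRestrictedAdmin';              Value = 0 }
    @{ Path = $lsa;      Name = 'DisableRestrictedAdminOutboundCreds'; Value = 1 }
    @{ Path = $lsa;      Name = 'everyoneincludeanonymous';            Value = 0 }
    @{ Path = $lsa;      Name = 'LMCompatibilityLevel';                Value = 5 }
    @{ Path = $lsa;      Name = 'disabledomaincreds';                  Value = 1 }
    @{ Path = $wdigest;  Name = 'UseLogonCredential';                  Value = 0 }
    @{ Path = $wdigest;  Name = 'Negotiate';                           Value = 0 }
    # 0x20080000 = require NTLMv2 session security + 128-bit encryption
    @{ Path = $msv;      Name = 'NtlmMinClientSec';                    Value = 0x20080000 }
    @{ Path = $msv;      Name = 'NtlmMinServerSec';                    Value = 0x20080000 }
    # CachedLogonsCount is a REG_SZ, so it is compared as a string
    @{ Path = $winlogon; Name = 'CachedLogonsCount';                   Value = '0' }
)

function Test-RegistryBaseline {
    param([Parameter(Mandatory)][object[]]$Baseline)

    foreach ($item in $Baseline) {
        $actual = $null
        $state  = 'Missing'   # key or value name does not exist

        $prop = Get-ItemProperty -LiteralPath $item.Path -Name $item.Name `
                                 -ErrorAction SilentlyContinue
        if ($null -ne $prop) {
            $actual = $prop.($item.Name)
            # Compare as strings so DWORD and REG_SZ entries share one code path
            $state = if ("$actual" -eq "$($item.Value)") { 'OK' } else { 'Drift' }
        }

        [pscustomobject]@{
            State    = $state
            Name     = $item.Name
            Expected = $item.Value
            Actual   = $actual
            Path     = $item.Path
        }
    }
}

$report = Test-RegistryBaseline -Baseline $baseline
$report | Format-Table State, Name, Expected, Actual -AutoSize

# Summarise anything that is absent or no longer matches the baseline,
# for example after a feature update or a policy refresh.
$bad = @($report | Where-Object State -ne 'OK')
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) value(s) missing or different from the baseline:"
    $bad | ForEach-Object { Write-Warning ("  {0}\{1}" -f $_.Path, $_.Name) }
}
```

A `Drift` row on the two `NtlmMin*Sec` entries usually means the value was written as a decimal number instead of hex.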
  2. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    6,134
    Location:
    Europe then Asia
    ERP and OSA as anti-exe, just block EXE's, how can they protect you against malicious dll/drivers/reg files?
    And how can they stop in-memory exploitations when they can't even monitor the memory.
    Note that if a kernel exploit is used, nothing except a patch from MS can block the attack.

    I have to use OSA to implement the blocking of a huge list of LOLbins and folders, because my main security application is limited in number of entries.
     
  3. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    167
    Location:
    Poland
    so what would you recommend, Excubits? or HMPA (I was about to buy it anyway), I already have "solid" in my opinion firewalls. I have Eset advanced firewall, simple wall (they work perfect in tandem: I know I should not use 2 but this is because of VM that corrupts software, anyway too complicated to explain now) and Asus router with latest firmware: it does some Trend micro scans and has IDS at least. I was thinking about pfsense but I saw CVE vulnerabilities and maybe too much for a home user
     
    Last edited: Jun 4, 2019
  4. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    6,134
    Location:
    Europe then Asia
    Excubits stuff, lack of GUI, all is done via command lines, can be rebuking.

    HMPA is the more user-friendly but may impact performance and generate some FPs (note I was beta tester for them but I decided to ditch it, I don't really need it).

    I think HMPA would be better, it has some side handy features.
     
  5. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,348
    They can protect against the common ways that dlls and drivers are loaded, although they don't monitor the dlls and drivers themselves.

    Excubits Bouncer does not need to be configured by command line, you just write rules in a txt file, that's all. But if you want Bouncer to monitor dlls, it slows down performance, and it is extremely frustrating to get the dll rules to work right. Not worth it, in my opinion.
     
  6. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    6,134
    Location:
    Europe then Asia
    Just the common ways are not enough to me.
    When I set up a security strategy, I plan for the worst attack vector.
     
  7. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    167
    Location:
    Poland
    I am already covered on keylogging and bad usb/usb worms through Binisoft and Panda Usb Vaccine, plus these policies:
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" /v "Deny_Execute" /t "REG_DWORD" /d "1" /f
    reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f
    reg add "HKLM\Software\Policies\Microsoft\Windows\Explorer" /v NoAutoplayfornonVolume /t REG_DWORD /d 1 /f
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf" /ve /t REG_SZ /d "@SYS:DoesNotExist" /f

    then why you recommend it? I'll explain. There must be a better software you are using or you have found the right balance, can you tell me more about it?
     
    Last edited: Jun 4, 2019
  8. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    6,134
    Location:
    Europe then Asia
    Because it is just the most comprehensive anti-exploit and quite simple to use.

    I ditched it because I use Windows Exploit Guard and Appguard Enterprise. HMPA would be redundant.
    Also, I want to limit the number of sec softs I am using. Quality not quantity.
     
  9. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    167
    Location:
    Poland
    that might be the only difference. I am home user, could be hard to get Appguard enterprise. Problem is WD has no web component (anti-phishing), protocol filter, https://docs.microsoft.com/en-us/wi...l-windows-defender-advanced-threat-protection this is only for PRO, I am home, so I have a small problem if using your setup.

    I can't just jump to pro since I use heavily modified iso versions with NTLite and similar

    full settings are here, what is essential? ASLR works only at startup so it's no use imo for long running programs
    powershell.exe Set-Processmitigation -System -Enable DEP,EmulateAtlThunks,ForceRelocateImages,RequireInfo,BottomUp,HighEntropy,StrictHandle,DisableWin32kSystemCalls,AuditSystemCall,DisableExtensionPoints,BlockDynamicCode,AllowThreadsToOptOut,AuditDynamicCode,CFG,SuppressExports,StrictCFG,MicrosoftSignedOnly,AllowStoreSignedBinaries,AuditMicrosoftSigned,AuditStoreSigned,EnforceModuleDependencySigning,DisableNonSystemFonts,AuditFont,BlockRemoteImageLoads,BlockLowLabelImageLoads,PreferSystem32,AuditRemoteImageLoads,AuditLowLabelImageLoads,AuditPreferSystem32,EnableExportAddressFilter,AuditEnableExportAddressFilter,EnableExportAddressFilterPlus,AuditEnableExportAddressFilterPlus,EnableImportAddressFilter,AuditEnableImportAddressFilter,EnableRopStackPivot,AuditEnableRopStackPivot,EnableRopCallerCheck,AuditEnableRopCallerCheck,EnableRopSimExec,AuditEnableRopSimExec,SEHOP,AuditSEHOP,TerminateOnError,DisallowChildProcessCreation,AuditChildProcess

    retpoline:
    reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0x400 /f
    reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 0x400 /f
    which replaced (retpoline should be faster):
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

    chrome mitigation:
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe" /v MitigationOptions /t REG_QWORD /d 8589934592 /f
    and new hardware:
    The new K-series 9th-gen CPUs received protection against Meltdown V3, Spectre V2, ZombieLoad, Foreshadow or L1 terminal fault exploit.

    We are still discussing OS Armor here, only we need to protect it against the exploit online vector as pointed out by Umbra

    it was a misunderstanding, I did not know you were talking about online fileless attacks, now I know, I am sorry and I'll try not to make this mistake again
    that's the main problem, nobody implements it and nobody wants to hear about it, hackers might exploit this fact, but I can see that statistically exploits are in decline (globally, versus threats such as crypto coin miners, rootkits are on the rise 2)
     
    Last edited: Jun 4, 2019
  10. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    167
    Location:
    Poland
    @Umbra so external PowerShell scripts from a launcher can be executed remotely even if PowerShell is fully restricted and locked down by IWR (SRP rules), OS armor/Exe Radar Pro (and similar)
    rem block PS and related
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "1" /t REG_SZ /d "cmd.exe" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "2" /t REG_SZ /d "powershell_ise.exe" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "3" /t REG_SZ /d "powershell.exe" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "4" /t REG_SZ /d "calc.exe" /f
    netsh.exe advfirewall firewall add rule name="Block calc.exe" program="%systemroot%\system32\calc.exe" protocol=tcp dir=out enable=yes action=block profile=any
    powershell.exe Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2 -norestart
    powershell.exe Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -norestart
    powershell.exe -Command "Set-ExecutionPolicy Restricted -Scope CurrentUser"
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell" /v EnableScripts /t REG_DWORD /d 0 /f
    reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319" /v SchUseStrongCrypto /t REG_DWORD /d 1 /f
    reg add HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell /v EnableScripts /t REG_DWORD /d 0 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v __PSLockDownPolicy /t REG_DWORD /d 4 /f
    powershell Set-ExecutionPolicy -ExecutionPolicy Restricted
    Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell -Name "ExecutionPolicy" -Value "Restricted"
    reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell /v ExecutionPolicy /t REG_SZ /d Restricted /f
    reg add HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell /v ExecutionPolicy /t REG_SZ /d Restricted /f
    rd "%ProgramFiles%\WindowsPowerShell" /s /q
    rd "%ProgramFiles(x86)%\WindowsPowerShell" /s /q
    rd "%WINDIR%\System32\WindowsPowerShell" /s /q
    rd "%WINDIR%\SysWOW64\WindowsPowerShell" /s /q
    netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=no
    net stop WinRM
    net stop winmgmt
    sc config winmgmt start= disabled
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt" /v Start /d 4 /t "REG_DWORD" /f
    sc config WinRM start= disabled
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinRM" /v Start /d 4 /t "REG_DWORD" /f
    reg add "HKLM\SYSTEM\CurrentControlSet\services\WinRM" /v Start /t REG_DWORD /d 4 /f
    assoc .ps1=
    Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root
    Dism /online /Disable-Feature /FeatureName:"MicrosoftWindowsPowerShellV2Root"
    rem attention some programs will not work
    DISM /Online /Disable-Feature /FeatureName:Microsoft-Windows-NetFx3-OC-Package /Remove /Quiet /NoRestart
    DISM /Online /Disable-Feature /FeatureName:Microsoft-Windows-NetFx3-WCF-OC-Package /Remove /Quiet /NoRestart
    DISM /Online /Disable-Feature /FeatureName:NetFx3 /Remove /Quiet /NoRestart
    rem attention most programs will not work
    DISM /Online /Disable-Feature /FeatureName:NetFx4-AdvSrvs /Remove /Quiet /NoRestart
    DISM /Online /Disable-Feature /FeatureName:Microsoft-Windows-NetFx4-US-OC-Package /Remove /Quiet /NoRestart
    DISM /Online /Disable-Feature /FeatureName:Microsoft-Windows-NetFx4-WCF-US-OC-Package /Remove /Quiet /NoRestart
    DISM /Online /Disable-Feature /FeatureName:WCF-Services45 /Remove /Quiet /NoRestart
    in this case the attacker would need to install a PS and .NET module on me or not?
    Sorry, this is a difficult concept for me to grasp. If I hacked a few PCs (my own PCs) I would understand this better (practice, I think you need a practitioner not just books and theory).

    I am also thinking on modified iso that eradicates some elements these techniques rely upon

    maybe it's possible to disrupt communication in some way
     
    Last edited: Jun 4, 2019
  11. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,348
    Powershell Empire supplies all of its own needs. It is not a living-off-the-land attack and it does not need to drop any binaries on the local disk. So any execution-based rules that you make for the local machine will not stop it (once it has an entry point to the local machine, of course...)
     
  12. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    167
    Location:
    Poland
    that's crazy, I wonder what with a modified iso, like a 700mb install with deep win10 modifications, a crippled OS, they are easy to build (Ntlite or MSMG toolkit) but involve some initial trials and tribulations. I am thinking maybe if it's crippled two PCs can't communicate properly (removed drivers, protocols, features, services) but I am not sure. I think it might be stopped this way because if you change OS you are covered, so perhaps nested VMs in this case should stop it (apart data breaches from guest VM), ie Linux->Windows10. I guess not always, because once in memory they can move between different VMs but it's hard (Andreas said these type of VM movements are hard to pull off)
     
    Last edited: Jun 4, 2019
  13. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,348
    Do a search on Wilderssecurity for posts from @itman about Powershell Empire. He has posted a lot about this type of thing. It sounds like science fiction, but it's real.
     
  14. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    6,134
    Location:
    Europe then Asia
    @lucd modified OS would change nothing, the stager can embark all it needs. For example, its own interpreters like powershell or python so it doesn't need them installed on the system.

    It does all in-memory, so unless you have an anti-exploit (and not a post-exploitation soft like anti-exes, hence my irritation about the amalgam), you won't see it coming.

    Such attacks are mostly made for persistent and stealthy attack schemes targeting corporate networks. Home users are usually not the main targets but things can change fast.
     
  15. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,348
    Sandboxing the application from which the attack originated should mitigate the effects.
    This attack needs an unpatched vulnerability in an internet-facing application, or a corporate network environment, AFAIK.
     
  16. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    167
    Location:
    Poland
    @Umbra you call OSA, ERP or VS post-exploitation tool, is it the correct term (you might have used it sarcastically)?
    could you call them blockers? They are like HIPS, the difference being that HIPS are smart,
    Andreas calls these OSA filters smart as well, but they are not HIPS. Security products with HIPS perform scans on the program trying to launch its threads (ie kernel-mode callbacks such as PsSetCreateProcessNotifyRoutineEx used for monitoring process creation and termination) and then decide if it wants to grant continuation to the execution, entirely block it or restrict it (block execution of scripts). It might involve networking components to check on features. Usually part of an AV/AM
    Such scanning actions are not performed by OSA, there are no smart on-the-fly decisions or roll back actions. However the block suspicious process has 1000+ secret rules (quote), which is what's closer to a "smart" rule (if this is what Andreas meant). It is a private filter and rule manager with kernel driver, that doesn't need communication, apart driver signing purpose (Andreas said OSA or ERP might need network to check proper driver signing, although I never spotted a connection with latest release). To quote:
    OS Armor doesn't need an Internet connection to work, except to verify digital signatures of signed executables.
    That said, I don't know how to classify them, maybe private filter tools?
     
    Last edited: Jun 4, 2019
  17. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,348
    In the popular parlance of security forums:

    Anti-exploit means protecting an application from certain types of abuse such as buffer overflow.

    Post-exploit protection means the buffer overflow (for example) already took place, but the attack is prevented from spawning files and launching LOL bins such as powershell.

    HIPS means monitoring and/or blocking each and every action of a running process, not just preventing its initial execution.

    None of these definitions are set in stone, but this is what people usually mean, to the best of my understanding...

    @Umbra I welcome your corrections if you think these definitions are faulty.
     
  18. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    167
    Location:
    Poland
    alright then, so how to call ERP+RG+OSA+FIDES+VS+DRP, say academically, to me they are private filter tools or initial process blockers
     
  19. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    6,134
    Location:
    Europe then Asia
    @shmu26 seems ok.

    @lucd Yes post-exploitation, because they don't prevent the exploit itself but what it may do after, and sometimes it is not enough.
     
  20. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    167
    Location:
    Poland
    that's why I originally said OSA/ERP can be useful even with fileless exploits, the alerts from osa/erp/drp and firewall are sometimes enough to spot something fishy (but you always need dedicated antiexploits)
    they basically teach you what process behaviors are usual and what are unusual all the time unless that unblocked process (the process that you expect being launched into memory) is hijacked
     
    Last edited: Jun 4, 2019
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,578
    Location:
    U.S.A.
    Mimikatz injected into svchost.exe is a favorite technique:
    https://searchsecurity.techtarget.c...al-How-it-hacks-Windows-passwords-credentials
     
  22. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    167
    Location:
    Poland
    the mitigation options I reference at the top of the page deal with that (Nla and others), I am immune (I don't reveal) but I can be still attacked.
    Problem is they are not set in the default Windows install, you need to import them manually and updates might roll them back, and if I put these options in my mother's or my GF's PC they would kill me so, you just can't enforce strong password on ppl not to mention mitigation options
    they did something on it in 1903 I think, I can see a mitigation option for svchost.exe
    (binary loaded by it to be signed by Microsoft), they are well aware of Mimikatz at Microsoft perhaps and about time there are options
     
    Last edited: Jun 4, 2019
  23. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,348
  24. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    167
    Location:
    Poland
    as usual this is aimed at people who can't use a computer not even at the very basic level (email as nr1 vector of attack, 91% of attacks - FireEye, how this is possible is completely beyond me, you won't believe but I trained my 85-year-old grandpa not to click malicious attachments), plus gmail's Naive Bayes will definitely filter this spam out
     
    Last edited: Jun 4, 2019
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,342
    Location:
    U.S.A. (South)
    I ain't never figured out how in all that's electric, that the silly Python language mysteriously but easily infiltrates Windows.

    Anyone care to explain that blunder, if it is such a blunder.
     