How can we Trust DB files?
by kiaheyrati038 - December 28, 2019 at 06:07 PM
#13
For random programs, I would honestly wait for a staff member or another user to verify that they work or if no-one has replied then check the link. Reputation is a good indicator if a user has uploaded things before but there is no guarantee.
Reply
#14
I usually scan them on VirusTotal and I have disabled the MS macros n I will not click on any .exe file that is unknown to me. My dual PC also runs a Linux distro n I try to keep it updated n open my files on it as long as most of the viruses are made for Windows users.. but I want to know some other further steps I can take.. I am concerned n I hope it helps me to do better.
what is your true advice, rather than just keep telling me to use my mind?? because I certainly do try my best.
Reply
#15
I use sandbox and vm combined most of the time, this assures me of some problems I may counter but not all.
Just don't execute any files that you didn't check. Especially self-made .exes, I always open the source with a special tool

I forgot the name of it, will link it later on today tho.
Reply
#16
(December 28, 2019 at 06:30 PM)cryptoking Wrote:
(December 28, 2019 at 06:11 PM)kiaheyrati038 Wrote:
(December 28, 2019 at 06:09 PM)cryptoking Wrote: You don't trust them.. trust nothing, verify everything.

is just scanning them in Virustotal enough?

>> No lol. But once you double click enough viruses, you'll get the hang of it hahahah!

Short version:

But really, VirusTotal is going to check for known malware signatures in executable files. It's not going to check for malicious shell script commands buried 6 levels deep in a double zipped archive, and it isn't going to check for a malicious SQL statement in a .sql DB file. So a bit of experience goes a long way. Opening a document in text only and reading it is a good first step, or grep for known problematic strings.

Be mindful .pdf .odt .xlsx and whatever other office docs, spreadsheets, powerpoints, or edocuments are easy to pack with payloads, and as long as they're sufficiently obfuscated they'll slide by any virus scanner 98% of the time. .zip files are always a concern for caution due to autoexec exploits, other archives are generally trusted (for extraction). Obviously, if you double-click an exe... it's your own damn fault...

You should be watching user reputation as an indicator before you even click the unlock button. While some new users do have great content, those are the ones to be most cautious of.

Personally, I purposely go out of my way to download malware, and can't wait to double click it in my nested VM 'playground'.. Being someone who loves playing with malware, this also makes me extra paranoid-ish about just about every file, everywhere...

(December 29, 2019 at 06:33 PM)cryptoking Wrote:
(December 28, 2019 at 07:12 PM)kiaheyrati038 Wrote: yup. thank you mate. i think i've got to go n set a VM up.
(I didn't see any thanks button, so i just said that.)

If you aren't skilled, experienced and/or knowledgeable, a VM likely won't help you. A lot of malware doesn't execute at all in a VM, and some malware can jump out of your VM by various means.

For beginners, just don't click exe files, and well.. I know I can put a lot of malware past AV on Windblows.. but doesn't hurt to use it anyway. There is a paid AV software that I can't beat usually... catches all my shit 99% of the time.. the name is slipping on me right now though, I'll get back on that

jump out of your VM by various means ??? I never heard of this! sounds really crazy
Reply
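
The "open it as text and grep for known problematic strings" step from post #16, written out as an added example (not part of the thread or any poster's code): it masks string literals and ordinary comments so row data does not trigger matches, then flags constructs a plain data dump has no need for. The rule list, rule names and sample dump are assumptions constructed for this example, and a hit is a line to read, not a verdict.

```python
import re

# Constructs a plain data dump has no reason to contain. This list is an
# assumption of the example (not exhaustive) and spans several engines.
RULES = [
    ("file write",       r"\bINTO\s+(?:OUTFILE|DUMPFILE)\b"),
    ("file read",        r"\bLOAD_FILE\s*\(|\bLOAD\s+DATA\b|\blo_(?:import|export)\s*\("),
    ("OS command",       r"\bxp_cmdshell\b|\b(?:FROM|TO)\s+PROGRAM\b|^[ \t]*\\!"),
    ("native code load", r"\bSONAME\b|\bload_extension\s*\(|\bCREATE\s+EXTENSION\b"),
    ("stored logic",     r"\bCREATE\s+(?:DEFINER\s*=\s*\S+\s+)?(?:TRIGGER|EVENT|PROCEDURE|FUNCTION)\b"),
    ("privilege change", r"\bGRANT\b|\bCREATE\s+USER\b|\bSET\s+GLOBAL\b|\bsp_configure\b"),
    ("other database",   r"\bATTACH\s+DATABASE\b|\bOPENROWSET\b"),
]
# One token is either a comment or a single-quoted string literal.
TOKEN = re.compile(r"(--[^\n]*|/\*.*?\*/)|'(?:[^'\\]|\\.|'')*'", re.S)

def _mask(m):
    text = m.group(0)
    # MySQL executes the body of /*! ... */ comments, so those stay visible.
    if text.startswith("/*!"):
        return text
    return "\n" * text.count("\n")  # drop the token, keep line numbers stable

def scan_dump(sql):
    """Return sorted (line_number, rule_name) pairs for flagged constructs."""
    visible = TOKEN.sub(_mask, sql)
    hits = set()
    for name, pattern in RULES:
        for m in re.finditer(pattern, visible, re.I | re.M):
            hits.add((visible.count("\n", 0, m.start()) + 1, name))
    return sorted(hits)

# Constructed sample input, not taken from any real dump.
SAMPLE = """\
-- constructed sample, not a real dump
CREATE TABLE users (id INT, email VARCHAR(255), note TEXT);
INSERT INTO users VALUES (1, 'a@example.com', 'asked about xp_cmdshell; it''s fine');
INSERT INTO users VALUES (2, 'b@example.com', 'plain row');
/*!50003 CREATE TRIGGER t BEFORE INSERT ON users FOR EACH ROW SET NEW.note = 1 */;
SELECT email FROM users INTO OUTFILE '/tmp/placeholder.txt';
COPY users FROM PROGRAM 'placeholder-command';
"""

if __name__ == "__main__":
    for line, name in scan_dump(SAMPLE):
        print(f"line {line}: {name}")
```
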
#17
One thing I do is download and open everything inside of a virtual machine. If it's a virus, then worst case is that I have to restore the virtual machine. I'm not 100% sure, but I believe a virus inside of the virtual machine should be contained.
Reply
#18
(December 28, 2019 at 06:09 PM)cryptoking Wrote: You don't trust them.. trust nothing, verify everything.


Agree with this fella....!!!
Reply
#19
(December 31, 2019 at 05:51 AM)mwilson111073 Wrote: One thing I do is download and open everything inside of a virtual machine. If it's a virus, then worst case is that I have to restore the virtual machine. I'm not 100% sure, but I believe a virus inside of the virtual machine should be contained.

Not really.. lol. A virtual machine has all the weaknesses of a real machine on your network (depending on configuration) as well as some extra ones (again configuration)..

Do you have networking enabled? Shared folders? SMB? Drag n Drop enabled? Clipboard sharing enabled? Then there are overflow related attacks still possible as I am sure your host OS is not isolating the VM on specific cores, instead sharing resources freely between host OS and VM. True isolation won't take place in a Type-2 hypervisor like VBox.
Reply
#20
voilà! what a nice thread it became 🤘
I think that a VM will protect us most of the time n it's enough as long as we just copy the suspicious files in it and disable the networking+shared folders+SMB+drag and drop. and after doing so, we're pretty good opening it right?

but is there any other way to get a true 100 percent isolation rather than using an old laptop on which we do not share anything important?
and BTW I've just asked this question because I wanted to open a DB file and not an .exe ..
Reply
#21
Wow. This thread is actually very informative for people just starting out, thanks a lot
Reply
#22
(January 01, 2020 at 07:17 AM)kiaheyrati038 Wrote: voilà! what a nice thread it became 🤘
I think that a VM will protect us most of the time n it's enough as long as we just copy the suspicious files in it and disable the networking+shared folders+SMB+drag and drop. and after doing so, we're pretty good opening it right?

but is there any other way to get a true 100 percent isolation rather than using an old laptop on which we do not share anything important?
and BTW I've just asked this question because I wanted to open a DB file and not an .exe ..


Not 100% really, but a Type-1 hypervisor gets you as close as you can get. I think Proxmox has core isolation capability, don't quote me on that.

But really.. So you are going to take an old laptop, shut off all its networking so you can't transfer files, then what, use a USB stick to transfer between your battlestation and victim machines? What about USB migration? USB migration is a nifty little add-on to add to your malware. But it makes for some really interesting propagation that's for sure. It relies on Windblows auto-mount and auto-run capability on USB drives. Some even present themselves to a Windblows host as a physical keyboard device, meaning now an attacker has, well as good as having physical access to your office/bedroom/momma's basement where you wank all day, and a physical keyboard plugged in...

Windblows is a really stupid operating system...

Just some food for thought anyway, I'm not deliberately trying to scare the kids away from here, but it's some decent info in this thread to put you in the right head game at least. The only secure system is one that never has software installed on it, and never has a network connection.. As soon as you add software, you have introduced one or many vulnerabilities.

LOL!! --> Have fun kids!!!
Reply
#23
As long as DBs are not EXE you're apparently safe.
Reply
#24
(January 02, 2020 at 12:16 AM)MrBr Wrote: As long as DBs are not EXE you're apparently safe.

I suppose you are safe, for the most part...
Reply
