Stand Alone Scanner & Removal Tool

[buddha-hacker]

Well, I figured this was the right group to ask.

I'm wondering what security detection and removal tools give Pen Testers fits. Specifically I'm looking for a good portable scanner / removal tool which doesn't need to be installed, can be run in addition to a main AV scanner and some something like Malwarebytes, and doesn't modify anything (unless removing) on the system?

What do the guru's of Kali recommend?

Thanks!

[grid]

That's a tough question, but I'll give it a shot Honestly, I think Malwarebytes is the best portable malware scanner...our tech support folks use it regularly.

Let me answer your security detection & removal tool another way. Since these tools are signature-based, by and large, the best way to beat them is to build a payload which doesn't contain a known signature. Meaning, if you use msfvenom to build a reverse HTTP meterpreter payload, encode it with shikata_ga_nai, and just make an exe out of it, it's probably going to get caught. The AV vendors know metasploit well. So, to keep your payload hidden, you have to change it up by adding random bytes, pack it with a non-standard packer, use different shellcode, etc.

[buddha-hacker]

Thanks Grid!

I'm approaching this from a defenders point of view. So I'm wondering if there are any tools which are portable / leave no foot print and can be used to remove the evil from a remediation prospective.

[grid]

You're welcome!

I haven't done much in the way of incident response, but my workplace has a policy that if you suffer a malware infection, your box gets re-imaged.