[Not Anti-Virus (Not AV)™]

An attempt to block malware before AV scans it.

Description

Not all things are seen as equal until you stare at them long enough!

With malware causing havoc across the globe, this browser extension is a PoC for blocking malware downloads using just the response headers. The research for Emotet can be found in this thread: https://twitter.com/ecstatic_nobel/status/1176267975537713152?s=19.

Demonstration blocking Mozi:

Demonstration blocking GuLoader:

Demonstration blocking Emotet:

NOTE: Out of the box, this will block the majority of:

This PoC can be strengthened by adding other indicators found in the response (or request) headers to avoid false positives.
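The effect of combining indicators, as an added example that is not the extension's own code: a single-header rule flags a benign download, while a rule requiring several headers to match together does not. The rule contents, sample responses and names (`WEAK_RULE`, `STRICT_RULE`, `ruleMatches`) are constructed for illustration and are not real indicators for any malware family; the wiring assumes a Manifest V2 style blocking `webRequest` listener.

```javascript
// Constructed rules for illustration only: not real indicators of any malware family.
const WEAK_RULE = {
  name: "octet-stream only",
  all: [{ header: "content-type", pattern: /^application\/octet-stream$/i }],
};
const STRICT_RULE = {
  name: "octet-stream + exe filename + no-store",
  all: [
    ...WEAK_RULE.all,
    { header: "content-disposition", pattern: /filename="?[^";]+\.exe"?/i },
    { header: "cache-control", pattern: /\bno-store\b/i },
  ],
};

// webRequest passes headers as [{ name, value }]; fold them into a lowercase map.
function toHeaderMap(responseHeaders) {
  const map = new Map();
  for (const { name, value = "" } of responseHeaders || []) {
    const key = name.toLowerCase();
    map.set(key, map.has(key) ? `${map.get(key)}, ${value}` : value);
  }
  return map;
}

// A rule fires only when every one of its conditions matches (logical AND).
function ruleMatches(rule, responseHeaders) {
  const headers = toHeaderMap(responseHeaders);
  return rule.all.every((c) => c.pattern.test(headers.get(c.header) || ""));
}

// Constructed sample responses.
const BENIGN_DOWNLOAD = [
  { name: "Content-Type", value: "application/octet-stream" },
  { name: "Content-Disposition", value: 'attachment; filename="backup.bin"' },
];
const SUSPECT_DOWNLOAD = [
  { name: "Content-Type", value: "application/octet-stream" },
  { name: "Content-Disposition", value: 'attachment; filename="invoice.exe"' },
  { name: "Cache-Control", value: "no-cache, no-store" },
];

// Extension wiring (blocking webRequest, Manifest V2 style); skipped outside a browser.
if (typeof chrome !== "undefined" && chrome.webRequest) {
  chrome.webRequest.onHeadersReceived.addListener(
    (details) => ({ cancel: ruleMatches(STRICT_RULE, details.responseHeaders) }),
    { urls: ["<all_urls>"] },
    ["blocking", "responseHeaders"]
  );
}
```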

Support: notav [at] protonmail