Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 01-14-2021, 01:41
TmC TmC is offline
VIP
 
Join Date: Aug 2004
Posts: 297
Rept. Given: 1
Rept. Rcvd 13 Times in 7 Posts
Thanks Given: 2
Thanks Rcvd at 14 Times in 11 Posts
TmC Reputation: 13
QuestionMark Secure Browser

Goodmorning,
In these days of covid-19 pandemic, more and more high schools, universities, entities and companies are using enforced assessing methods to be able to continue their testing activities on students/employees so that examinations can be taken online while on-site activities are still forbidden.

I've been asked from a friend of mine if I know some methods of spoofing the solution his University uses for secure assessment of examinations, so that he can read some of the answers I will be suggesting him via some other software on the pc (VNC, other means...still not investigated).

I know this is mean, but for some personal private reasons I can't explain here, it is the only way he can take the examination(this is last one and all other have been succesful without lying).

I am not an expert with Questionmark Secure Browser but having been able to play with it for 5 minutes, I saw that it is drawing itself on the entire screen. Windows key is not working, CTR+ALT+CANC is working but opening the task manager results in nothing since the windows opens but is kept on the background by the browser.

Is there someone that tried to play with this software and maybe managed to study how it behaves and how to be able to open some other software without it noticing or trying to be always on top of everything?

Thankyou

EDIT1: It is even detecting VMWare and refusing to run...

Last edited by TmC; 01-14-2021 at 07:14.
Reply With Quote
The Following User Says Thank You to TmC For This Useful Post:
niculaita (01-14-2021)
  #2  
Old 01-14-2021, 16:40
Kerlingen Kerlingen is offline
VIP
 
Join Date: Feb 2011
Posts: 306
Rept. Given: 0
Rept. Rcvd 274 Times in 97 Posts
Thanks Given: 0
Thanks Rcvd at 264 Times in 81 Posts
Kerlingen Reputation: 200-299 Kerlingen Reputation: 200-299 Kerlingen Reputation: 200-299
What's wrong with the "classic" approach, which has been working for more than 100 years?
  1. Identify the topics you don't know good enough yet.
  2. Write them on a small piece of paper you assume your teacher won't notice when sitting behind his desk.
  3. After writing everything down thoroughly and in detail you notice you don't need the cheat sheet any more.
Even if 3. doesn't happen for some reason: The teacher's desk is very far away during COVID-19.
Reply With Quote
  #3  
Old 01-14-2021, 17:32
Windoze Windoze is offline
Friend
 
Join Date: Nov 2019
Location: Germany
Posts: 14
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 8
Thanks Rcvd at 8 Times in 5 Posts
Windoze Reputation: 0
Or use a second Laptop / Phone / Tablet...
Reply With Quote
  #4  
Old 01-14-2021, 18:15
TmC TmC is offline
VIP
 
Join Date: Aug 2004
Posts: 297
Rept. Given: 1
Rept. Rcvd 13 Times in 7 Posts
Thanks Given: 2
Thanks Rcvd at 14 Times in 11 Posts
TmC Reputation: 13
Quote:
Originally Posted by Windoze View Post
Or use a second Laptop / Phone / Tablet...
With constant camera/mirophone surveillance? The teacher might ask him to pause the test and rotate the camera to show the environment.
Reply With Quote
  #5  
Old 01-14-2021, 18:42
Windoze Windoze is offline
Friend
 
Join Date: Nov 2019
Location: Germany
Posts: 14
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 8
Thanks Rcvd at 8 Times in 5 Posts
Windoze Reputation: 0
Quote:
Originally Posted by TmC View Post
With constant camera/mirophone surveillance? The teacher might ask him to pause the test and rotate the camera to show the environment.
You are right, didn't think about that. But if you show him solutions with some software on the pc you also need to have a hotkey or something to hide it in these cases.
Reply With Quote
  #6  
Old 01-18-2021, 16:37
surferxyz surferxyz is offline
Friend
 
Join Date: Jan 2005
Location: Planet Earth
Posts: 68
Rept. Given: 0
Rept. Rcvd 8 Times in 4 Posts
Thanks Given: 6
Thanks Rcvd at 42 Times in 17 Posts
surferxyz Reputation: 8
You could try and work out how it is identifying if it is running under vmware with a debugger/other analysis tools.

Also it is likely that it is just using common published techniques to identify that it is running in a VM, eg looking at the network adapter vendor etc...

Here is an example article that shows two ways to identify the process is running under a VM using the CPUID instruction, and then a solution so the example code no longer succeeds:

https://rayanfam.com/topics/defeating-malware-anti-vm-techniques-cpuid-based-instructions/
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 04:50.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX
( 1998 - 2021 )