| Description |
1 online resource |
| Summary |
Develop more secure and effective antivirus solutions by leveraging antivirus bypass techniques. Antivirus software is built to detect, prevent, and remove malware from systems, but this does not guarantee the security of your antivirus solution as certain changes can trick the antivirus and pose a risk for users. This book will help you to gain a basic understanding of antivirus software and take you through a series of antivirus bypass techniques that will enable you to bypass antivirus solutions. The book starts by introducing you to the cybersecurity landscape, focusing on cyber threats, malware, and more. You will learn how to collect leads to research antivirus and explore the two common bypass approaches used by the authors. Once you've covered the essentials of antivirus research and bypassing, you'll get hands-on with bypassing antivirus software using obfuscation, encryption, packing, PowerShell, and more. Toward the end, the book covers security improvement recommendations, useful for both antivirus vendors as well as for developers to help strengthen the security and malware detection capabilities of antivirus software. By the end of this security book, you'll have a better understanding of antivirus software and be able to confidently bypass antivirus software. This book is for security researchers, malware analysts, reverse engineers, pentesters, antivirus vendors looking to strengthen their detection capabilities, antivirus users and companies that want to test and evaluate their antivirus software, organizations that want to test and evaluate antivirus software before purchase or acquisition, and tech-savvy individuals who want to learn new topics. |
| Contents |
Cover -- Title page -- Copyright and Credits -- Recommendation -- Contributors -- Table of Contents -- Preface -- Section 1: Know the Antivirus -- the Basics Behind Your Security Solution -- Chapter 1: Introduction to the Security Landscape -- Understanding the security landscape -- Defining malware -- Types of malware -- Exploring protection systems -- Antivirus -- the basics -- Antivirus bypass in a nutshell -- Summary -- Chapter 2: Before Research Begins -- Technical requirements -- Getting started with the research -- The work environment and lead gathering -- Process -- Thread -- Registry |
|
Defining a lead -- Working with Process Explorer -- Working with Process Monitor -- Working with Autoruns -- Working with Regshot -- Third-party engines -- Summary -- Chapter 3: Antivirus Research Approaches -- Understanding the approaches to antivirus research -- Introducing the Windows operating system -- Understanding protection rings -- Protection rings in the Windows operating system -- Windows access control list -- Permission problems in antivirus software -- Insufficient permissions on the static signature file -- Improper privileges -- Unquoted Service Path -- DLL hijacking |
|
Buffer overflow -- Stack-based buffer overflow -- Buffer overflow -- antivirus bypass approach -- Summary -- Section 2: Bypass the Antivirus -- Practical Techniques to Evade Antivirus Software -- Chapter 4: Bypassing the Dynamic Engine -- Technical requirements -- The preparation -- Basic tips for antivirus bypass research -- VirusTotal -- VirusTotal alternatives -- Antivirus bypass using process injection -- What is process injection? -- Windows API -- Classic DLL injection -- Process hollowing -- Process doppelgänging -- Process injection used by threat actors -- Antivirus bypass using a DLL |
|
PE files -- PE file format structure -- The execution -- Antivirus bypass using timing-based techniques -- Windows API calls for antivirus bypass -- Memory bombing -- large memory allocation -- Summary -- Further reading -- Chapter 5: Bypassing the Static Engine -- Technical requirements -- Antivirus bypass using obfuscation -- Rename obfuscation -- Control-flow obfuscation -- Introduction to YARA -- How YARA detects potential malware -- How to bypass YARA -- Antivirus bypass using encryption -- Oligomorphic code -- Polymorphic code -- Metamorphic code -- Antivirus bypass using packing |
|
How packers work -- The unpacking process -- Packers -- false positives -- Summary -- Chapter 6: Other Antivirus Bypass Techniques -- Technical requirements -- Antivirus bypass using binary patching -- Introduction to debugging / reverse engineering -- Timestomping -- Antivirus bypass using junk code -- Antivirus bypass using PowerShell -- Antivirus bypass using a single malicious functionality -- The power of combining several antivirus bypass techniques -- An example of an executable before and after peCloak -- Antivirus engines that we have bypassed in our research -- Summary -- Further reading |
| Subject |
Computer networks -- Security measures -- Software.
|
|
Computer viruses -- Prevention.
|
|
Réseaux d'ordinateurs -- Sécurité -- Mesures -- Logiciels. |
|
Computer networks -- Security measures |
|
Computer viruses -- Prevention |
| Genre |
Software
|
| Added Author |
Kosayev, Uriel, author.
|
| Other Form: |
Print version: 9781801075602 |
|
Print version: 1801079749 9781801079747 (OCoLC)1251507416 |
| ISBN |
9781801075602 (electronic book) |
|
1801075603 (electronic book) |
|
More Resources