Cargando…
Antivirus bypass techniques : learn practical techniques and tactics to combat, bypass, and evade antivirus software /
Develop more secure and effective antivirus solutions by leveraging antivirus bypass techniques. Antivirus software is built to detect, prevent, and remove malware from systems, but this does not guarantee the security of your antivirus solution as certain changes can trick the antivirus and pose a...
| Clasificación: | Libro Electrónico |
|---|---|
| Autores principales: | , |
| Formato: | Electrónico eBook |
| Idioma: | Inglés |
| Publicado: |
Birmingham, UK :
Packt Publishing Limited,
2021.
|
| Temas: | |
| Acceso en línea: | Texto completo (Requiere registro previo con correo institucional) |
Tabla de Contenidos:
- Cover
- Title page
- Copyright and Credits
- Recommendation
- Contributors
- Table of Contents
- Preface
- Section 1: Know the Antivirus
- the Basics Behind Your Security Solution
- Chapter 1: Introduction to the Security Landscape
- Understanding the security landscape
- Defining malware
- Types of malware
- Exploring protection systems
- Antivirus
- the basics
- Antivirus bypass in a nutshell
- Summary
- Chapter 2: Before Research Begins
- Technical requirements
- Getting started with the research
- The work environment and lead gathering
- Process
- Thread
- Registry
- Defining a lead
- Working with Process Explorer
- Working with Process Monitor
- Working with Autoruns
- Working with Regshot
- Third-party engines
- Summary
- Chapter 3: Antivirus Research Approaches
- Understanding the approaches to antivirus research
- Introducing the Windows operating system
- Understanding protection rings
- Protection rings in the Windows operating system
- Windows access control list
- Permission problems in antivirus software
- Insufficient permissions on the static signature file
- Improper privileges
- Unquoted Service Path
- DLL hijacking
- Buffer overflow
- Stack-based buffer overflow
- Buffer overflow
- antivirus bypass approach
- Summary
- Section 2: Bypass the Antivirus
- Practical Techniques to Evade Antivirus Software
- Chapter 4: Bypassing the Dynamic Engine
- Technical requirements
- The preparation
- Basic tips for antivirus bypass research
- VirusTotal
- VirusTotal alternatives
- Antivirus bypass using process injection
- What is process injection?
- Windows API
- Classic DLL injection
- Process hollowing
- Process doppelgänging
- Process injection used by threat actors
- Antivirus bypass using a DLL
- PE files
- PE file format structure
- The execution
- Antivirus bypass using timing-based techniques
- Windows API calls for antivirus bypass
- Memory bombing
- large memory allocation
- Summary
- Further reading
- Chapter 5: Bypassing the Static Engine
- Technical requirements
- Antivirus bypass using obfuscation
- Rename obfuscation
- Control-flow obfuscation
- Introduction to YARA
- How YARA detects potential malware
- How to bypass YARA
- Antivirus bypass using encryption
- Oligomorphic code
- Polymorphic code
- Metamorphic code
- Antivirus bypass using packing
- How packers work
- The unpacking process
- Packers
- false positives
- Summary
- Chapter 6: Other Antivirus Bypass Techniques
- Technical requirements
- Antivirus bypass using binary patching
- Introduction to debugging / reverse engineering
- Timestomping
- Antivirus bypass using junk code
- Antivirus bypass using PowerShell
- Antivirus bypass using a single malicious functionality
- The power of combining several antivirus bypass techniques
- An example of an executable before and after peCloak
- Antivirus engines that we have bypassed in our research
- Summary
- Further reading