Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Antivirus Bypass Techniques
  • Table Of Contents Toc
  • Feedback & Rating feedback
Antivirus Bypass Techniques

Antivirus Bypass Techniques

By : Nir Yehoshua, Uriel Kosayev
4.3 (23)
Buy this Book
close
close
Antivirus Bypass Techniques

Antivirus Bypass Techniques

4.3 (23)
By: Nir Yehoshua, Uriel Kosayev
Buy this Book

Overview of this book

Antivirus software is built to detect, prevent, and remove malware from systems, but this does not guarantee the security of your antivirus solution as certain changes can trick the antivirus and pose a risk for users. This book will help you to gain a basic understanding of antivirus software and take you through a series of antivirus bypass techniques that will enable you to bypass antivirus solutions. The book starts by introducing you to the cybersecurity landscape, focusing on cyber threats, malware, and more. You will learn how to collect leads to research antivirus and explore the two common bypass approaches used by the authors. Once you’ve covered the essentials of antivirus research and bypassing, you'll get hands-on with bypassing antivirus software using obfuscation, encryption, packing, PowerShell, and more. Toward the end, the book covers security improvement recommendations, useful for both antivirus vendors as well as for developers to help strengthen the security and malware detection capabilities of antivirus software. By the end of this security book, you'll have a better understanding of antivirus software and be able to confidently bypass antivirus software.
Table of Contents (13 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Code in Action
Icon
Download the color images
Icon
Conventions used
Icon
Disclaimer
Icon
Get in touch
Icon
Reviews
1
Section 1: Know the Antivirus – the Basics Behind Your Security Solution
Icon
Section 1: Know the Antivirus – the Basics Behind Your Security Solution
Free Chapter
2
Chapter 1: Introduction to the Security Landscape
Icon
Chapter 1: Introduction to the Security Landscape
Icon
Understanding the security landscape
Icon
Defining malware
Icon
Exploring protection systems
Icon
Antivirus – the basics
Icon
Antivirus bypass in a nutshell
Icon
Summary
3
Chapter 2: Before Research Begins
chevron up
Icon
Chapter 2: Before Research Begins
Icon
Technical requirements
Icon
Getting started with the research
Icon
The work environment and lead gathering
Icon
Defining a lead
Icon
Working with Process Explorer
Icon
Working with Process Monitor
Icon
Working with Autoruns
Icon
Working with Regshot
Icon
Third-party engines
Icon
Summary
4
Chapter 3: Antivirus Research Approaches
Icon
Chapter 3: Antivirus Research Approaches
Icon
Understanding the approaches to antivirus research
Icon
Introducing the Windows operating system
Icon
Understanding protection rings
Icon
Protection rings in the Windows operating system
Icon
Windows access control list
Icon
Permission problems in antivirus software
Icon
Unquoted Service Path
Icon
DLL hijacking
Icon
Buffer overflow
Icon
Summary
5
Section 2: Bypass the Antivirus – Practical Techniques to Evade Antivirus Software
Icon
Section 2: Bypass the Antivirus – Practical Techniques to Evade Antivirus Software
6
Chapter 4: Bypassing the Dynamic Engine
Icon
Chapter 4: Bypassing the Dynamic Engine
Icon
Technical requirements
Icon
The preparation
Icon
VirusTotal
Icon
VirusTotal alternatives
Icon
Antivirus bypass using process injection
Icon
Antivirus bypass using a DLL
Icon
Antivirus bypass using timing-based techniques
Icon
Summary
Icon
Further reading
7
Chapter 5: Bypassing the Static Engine
Icon
Chapter 5: Bypassing the Static Engine
Icon
Technical requirements
Icon
Antivirus bypass using obfuscation
Icon
Antivirus bypass using encryption
Icon
Antivirus bypass using packing
Icon
Summary
8
Chapter 6: Other Antivirus Bypass Techniques
Icon
Chapter 6: Other Antivirus Bypass Techniques
Icon
Technical requirements
Icon
Antivirus bypass using binary patching
Icon
Antivirus bypass using junk code
Icon
Antivirus bypass using PowerShell
Icon
Antivirus bypass using a single malicious functionality
Icon
The power of combining several antivirus bypass techniques
Icon
Antivirus engines that we have bypassed in our research
Icon
Summary
Icon
Further reading
9
Section 3: Using Bypass Techniques in the Real World
Icon
Section 3: Using Bypass Techniques in the Real World
10
Chapter 7: Antivirus Bypass Techniques in Red Team Operations
Icon
Chapter 7: Antivirus Bypass Techniques in Red Team Operations
Icon
Technical requirements
Icon
What is a red team operation?
Icon
Bypassing antivirus software in red team operations
Icon
Fingerprinting antivirus software
Icon
Summary
11
Chapter 8: Best Practices and Recommendations
Icon
Chapter 8: Best Practices and Recommendations
Icon
Technical requirements
Icon
Avoiding antivirus bypass dedicated vulnerabilities
Icon
Improving antivirus detection
Icon
Secure coding recommendations
Icon
Summary
Icon
Why subscribe?
12
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Leave a review - let other readers know what you think

Defining a lead

The antivirus research lead is a file that we know the purpose of in the overall operation of the antivirus software and that we have found suitable to add to our research. Lead files are the most relevant files in antivirus research.

We can compare lead gathering to the first stage of a penetration test, known as reconnaissance. When we are performing reconnaissance on a target, that information is a type of lead, and we can use it to advance toward accomplishing our goal.

To gather leads, we must discover how the antivirus software works on the operating system and what its flow is.

As we wrote earlier, the work environment we used to conduct these examples of lead gathering is Windows 10 with AVG 2020 installed. In order to gather leads, we used a range of dynamic malware analysis tools in this chapter, such as the Sysinternals suite (https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite) and Regshot (https://sourceforge.net/projects...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 5
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY