Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Antivirus Bypass Techniques
  • Toc
  • feedback
Antivirus Bypass Techniques

Antivirus Bypass Techniques

By : Nir Yehoshua, Uriel Kosayev
4.3 (23)
close
Antivirus Bypass Techniques

Antivirus Bypass Techniques

4.3 (23)
By: Nir Yehoshua, Uriel Kosayev

Overview of this book

Antivirus software is built to detect, prevent, and remove malware from systems, but this does not guarantee the security of your antivirus solution as certain changes can trick the antivirus and pose a risk for users. This book will help you to gain a basic understanding of antivirus software and take you through a series of antivirus bypass techniques that will enable you to bypass antivirus solutions. The book starts by introducing you to the cybersecurity landscape, focusing on cyber threats, malware, and more. You will learn how to collect leads to research antivirus and explore the two common bypass approaches used by the authors. Once you’ve covered the essentials of antivirus research and bypassing, you'll get hands-on with bypassing antivirus software using obfuscation, encryption, packing, PowerShell, and more. Toward the end, the book covers security improvement recommendations, useful for both antivirus vendors as well as for developers to help strengthen the security and malware detection capabilities of antivirus software. By the end of this security book, you'll have a better understanding of antivirus software and be able to confidently bypass antivirus software.
Table of Contents (13 chapters)
close
close
Preface
chevron up
Preface
Who this book is for
What this book covers
To get the most out of this book
Code in Action
Download the color images
Conventions used
Disclaimer
Get in touch
Reviews
1
Section 1: Know the Antivirus – the Basics Behind Your Security Solution
Section 1: Know the Antivirus – the Basics Behind Your Security Solution
Free Chapter
2
Chapter 1: Introduction to the Security Landscape
Chapter 1: Introduction to the Security Landscape
Understanding the security landscape
Defining malware
Exploring protection systems
Antivirus – the basics
Antivirus bypass in a nutshell
Summary
3
Chapter 2: Before Research Begins
Chapter 2: Before Research Begins
Technical requirements
Getting started with the research
The work environment and lead gathering
Defining a lead
Working with Process Explorer
Working with Process Monitor
Working with Autoruns
Working with Regshot
Third-party engines
Summary
4
Chapter 3: Antivirus Research Approaches
Chapter 3: Antivirus Research Approaches
Understanding the approaches to antivirus research
Introducing the Windows operating system
Understanding protection rings
Protection rings in the Windows operating system
Windows access control list
Permission problems in antivirus software
Unquoted Service Path
DLL hijacking
Buffer overflow
Summary
5
Section 2: Bypass the Antivirus – Practical Techniques to Evade Antivirus Software
Section 2: Bypass the Antivirus – Practical Techniques to Evade Antivirus Software
6
Chapter 4: Bypassing the Dynamic Engine
Chapter 4: Bypassing the Dynamic Engine
Technical requirements
The preparation
VirusTotal
VirusTotal alternatives
Antivirus bypass using process injection
Antivirus bypass using a DLL
Antivirus bypass using timing-based techniques
Summary
Further reading
7
Chapter 5: Bypassing the Static Engine
Chapter 5: Bypassing the Static Engine
Technical requirements
Antivirus bypass using obfuscation
Antivirus bypass using encryption
Antivirus bypass using packing
Summary
8
Chapter 6: Other Antivirus Bypass Techniques
Chapter 6: Other Antivirus Bypass Techniques
Technical requirements
Antivirus bypass using binary patching
Antivirus bypass using junk code
Antivirus bypass using PowerShell
Antivirus bypass using a single malicious functionality
The power of combining several antivirus bypass techniques
Antivirus engines that we have bypassed in our research
Summary
Further reading
9
Section 3: Using Bypass Techniques in the Real World
Section 3: Using Bypass Techniques in the Real World
10
Chapter 7: Antivirus Bypass Techniques in Red Team Operations
Chapter 7: Antivirus Bypass Techniques in Red Team Operations
Technical requirements
What is a red team operation?
Bypassing antivirus software in red team operations
Fingerprinting antivirus software
Summary
11
Chapter 8: Best Practices and Recommendations
Chapter 8: Best Practices and Recommendations
Technical requirements
Avoiding antivirus bypass dedicated vulnerabilities
Improving antivirus detection
Secure coding recommendations
Summary
Why subscribe?
12
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Leave a review - let other readers know what you think

Preface

This book was created based on 2 and a half years of researching different kinds of antivirus software.

Our goal was to actually understand and evaluate which, and how much, antivirus software provides good endpoint protection. We saw in our research a lot of interesting patterns and behaviors regarding antivirus software, how antivirus software is built, its inner workings, and its detection or lack of detection rates.

As human beings and creators, we create beautiful and smart things, with a lot of intelligence behind us, but as we already know, the fact – the hard fact – is that there is no such thing as perfect, and antivirus software is included in that. As we as humans develop, evolve, learn from our mistakes, try, fail, and eventually succeed with the ambition of achieving perfection, so we believe that antivirus software and other protection systems need to be designed in a way that they can adapt, learn, and evolve against ever-growing cyber threats.

This is why we created this book, where you will understand the importance of growing from self-learning, by accepting the truth that there is no 100-percent-bulletproof security solutions and the fact that there will always be something to humbly learn from, develop, and evolve in order to provide the best security solution, such as antivirus software.

By showing you how antivirus software can be bypassed, you can learn a lot about it, from it, and also make it better, whether it is by securing it at the code level against vulnerability-based bypasses or by writing better detections in order to prevent detection-based antivirus bypasses as much as possible.

While reading our book, you will see cases where we bypassed a lot of antivirus software, but in fact, this does not necessarily suggest that the bypassed antivirus software is not good, and we do not give any recommendations for any specific antivirus software in this book.

Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete