Develop more secure and effective antivirus solutions by leveraging antivirus bypass techniques

Key Features

  • Gain a clear understanding of the security landscape and research approaches to bypass antivirus software
  • Become well-versed with practical techniques to bypass antivirus solutions
  • Discover best practices to develop robust antivirus solutions

Book Description

Antivirus software is built to detect, prevent, and remove malware from systems, but this does not guarantee the security of the antivirus solution itself: certain changes to a malicious file or its behavior can trick the antivirus and pose a risk to users. This book will help you gain a basic understanding of antivirus software and take you through a series of antivirus bypass techniques that will enable you to bypass antivirus solutions.

The book starts by introducing you to the cybersecurity landscape, focusing on cyber threats, malware, and more. You will learn how to collect leads to research antivirus software and explore the two common bypass approaches used by the authors. Once you've covered the essentials of antivirus research and bypassing, you'll get hands-on with bypassing antivirus software using obfuscation, encryption, packing, PowerShell, and more. Toward the end, the book covers security improvement recommendations, useful to both antivirus vendors and developers, to help strengthen the security and malware detection capabilities of antivirus software.

By the end of this security book, you'll have a better understanding of antivirus software and be able to confidently bypass antivirus software.

What you will learn

  • Explore the security landscape and get to grips with the fundamentals of antivirus software
  • Discover how to gather AV bypass research leads using malware analysis tools
  • Understand the two commonly used antivirus bypass approaches
  • Find out how to bypass static and dynamic antivirus engines
  • Understand and implement bypass techniques in real-world scenarios
  • Leverage best practices and recommendations for implementing antivirus solutions

Who this book is for

This book is for security researchers, malware analysts, reverse engineers, pentesters, antivirus vendors looking to strengthen their detection capabilities, antivirus users and companies that want to test and evaluate their antivirus software, organizations that want to test and evaluate antivirus software before purchase or acquisition, and tech-savvy individuals who want to learn new topics.

Table of Contents

  1. Antivirus Bypass Techniques
  2. Recommendation
  3. Contributors
  4. About the authors
  5. Reviewer
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Code in Action
    5. Download the color images
    6. Conventions used
    7. Disclaimer
    8. Get in touch
    9. Reviews
  7. Section 1: Know the Antivirus – the Basics Behind Your Security Solution
  8. Chapter 1: Introduction to the Security Landscape
    1. Understanding the security landscape
    2. Defining malware
    3. Types of malware
    4. Exploring protection systems
    5. Antivirus – the basics
    6. Antivirus bypass in a nutshell
    7. Summary
  9. Chapter 2: Before Research Begins
    1. Technical requirements
    2. Getting started with the research
    3. The work environment and lead gathering
    4. Process
    5. Thread
    6. Registry
    7. Defining a lead
    8. Working with Process Explorer
    9. Working with Process Monitor
    10. Working with Autoruns
    11. Working with Regshot
    12. Third-party engines
    13. Summary
  10. Chapter 3: Antivirus Research Approaches
    1. Understanding the approaches to antivirus research
    2. Introducing the Windows operating system
    3. Understanding protection rings
    4. Protection rings in the Windows operating system
    5. Windows access control list
    6. Permission problems in antivirus software
    7. Insufficient permissions on the static signature file
    8. Improper privileges
    9. Unquoted Service Path
    10. DLL hijacking
    11. Buffer overflow
    12. Stack-based buffer overflow
    13. Buffer overflow – antivirus bypass approach
    14. Summary
  11. Section 2: Bypass the Antivirus – Practical Techniques to Evade Antivirus Software
  12. Chapter 4: Bypassing the Dynamic Engine
    1. Technical requirements
    2. The preparation
    3. Basic tips for antivirus bypass research
    4. VirusTotal
    5. VirusTotal alternatives
    6. Antivirus bypass using process injection
    7. What is process injection?
    8. Windows API
    9. Classic DLL injection
    10. Process hollowing
    11. Process doppelgänging
    12. Process injection used by threat actors
    13. Antivirus bypass using a DLL
    14. PE files
    15. PE file format structure
    16. The execution
    17. Antivirus bypass using timing-based techniques
    18. Windows API calls for antivirus bypass
    19. Memory bombing – large memory allocation
    20. Summary
    21. Further reading
  13. Chapter 5: Bypassing the Static Engine
    1. Technical requirements
    2. Antivirus bypass using obfuscation
    3. Rename obfuscation
    4. Control-flow obfuscation
    5. Introduction to YARA
    6. How YARA detects potential malware
    7. How to bypass YARA
    8. Antivirus bypass using encryption
    9. Oligomorphic code
    10. Polymorphic code
    11. Metamorphic code
    12. Antivirus bypass using packing
    13. How packers work
    14. The unpacking process
    15. Packers – false positives
    16. Summary
  14. Chapter 6: Other Antivirus Bypass Techniques
    1. Technical requirements
    2. Antivirus bypass using binary patching
    3. Introduction to debugging / reverse engineering
    4. Timestomping
    5. Antivirus bypass using junk code
    6. Antivirus bypass using PowerShell
    7. Antivirus bypass using a single malicious functionality
    8. The power of combining several antivirus bypass techniques
    9. An example of an executable before and after peCloak
    10. Antivirus engines that we have bypassed in our research
    11. Summary
    12. Further reading
  15. Section 3: Using Bypass Techniques in the Real World
  16. Chapter 7: Antivirus Bypass Techniques in Red Team Operations
    1. Technical requirements
    2. What is a red team operation?
    3. Bypassing antivirus software in red team operations
    4. Fingerprinting antivirus software
    5. Summary
  17. Chapter 8: Best Practices and Recommendations
    1. Technical requirements
    2. Avoiding antivirus bypass dedicated vulnerabilities
    3. How to avoid the DLL hijacking vulnerability
    4. How to avoid the Unquoted Service Path vulnerability
    5. How to avoid buffer overflow vulnerabilities
    6. Improving antivirus detection
    7. Dynamic YARA
    8. The detection of process injection
    9. Script-based malware detection with AMSI
    10. Secure coding recommendations
    11. Self-protection mechanism
    12. Plan your code securely
    13. Do not use old code
    14. Input validation
    15. PoLP (Principle of Least Privilege)
    16. Compiler warnings
    17. Automated code testing
    18. Wait mechanisms – preventing race conditions
    19. Integrity validation
    20. Summary
    21. Why subscribe?
  18. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Leave a review - let other readers know what you think