Antivirus Bypass Techniques: Learn practical techniques and tactics to combat, bypass, and evade antivirus software
- Length: 242 pages
- Edition: 1
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2021-07-16
- ISBN-10: 1801079749
- ISBN-13: 9781801079747
- Sales Rank: #1236841
Develop more secure and effective antivirus solutions by leveraging antivirus bypass techniques
Key Features
- Gain a clear understanding of the security landscape and research approaches to bypass antivirus software
- Become well-versed with practical techniques to bypass antivirus solutions
- Discover best practices to develop robust antivirus solutions
Book Description
Antivirus software is built to detect, prevent, and remove malware from systems, but this alone does not guarantee that the antivirus solution itself is secure: relatively small changes can trick the antivirus and put users at risk. This book will help you gain a basic understanding of how antivirus software works and take you through a series of antivirus bypass techniques that will enable you to bypass antivirus solutions.
The book starts by introducing you to the cybersecurity landscape, focusing on cyber threats, malware, and more. You will learn how to collect leads for antivirus research and explore the two common bypass approaches used by the authors. Once you've covered the essentials of antivirus research and bypassing, you'll get hands-on with bypassing antivirus software using obfuscation, encryption, packing, PowerShell, and more. Toward the end, the book covers security improvement recommendations, useful both for antivirus vendors and for developers, to help strengthen the security and malware detection capabilities of antivirus software.
By the end of this security book, you'll have a better understanding of antivirus software and be able to bypass it with confidence.
What you will learn
- Explore the security landscape and get to grips with the fundamentals of antivirus software
- Discover how to gather AV bypass research leads using malware analysis tools
- Understand the two commonly used antivirus bypass approaches
- Find out how to bypass static and dynamic antivirus engines
- Understand and implement bypass techniques in real-world scenarios
- Leverage best practices and recommendations for implementing antivirus solutions
Who this book is for
This book is for security researchers, malware analysts, reverse engineers, pentesters, antivirus vendors looking to strengthen their detection capabilities, antivirus users and companies that want to test and evaluate their antivirus software, organizations that want to test and evaluate antivirus software before purchase or acquisition, and tech-savvy individuals who want to learn new topics.
Table of Contents
- Introduction to the Security Landscape
- Before Research Begins
- Antivirus Research Approaches
- Bypassing the Dynamic Engine
- Bypassing the Static Engine
- Other Antivirus Bypass Techniques
- Antivirus Bypass Techniques in Red Team Operations
- Best Practices and Recommendations
Detailed contents
Front matter
- Recommendation
- Contributors
- About the authors
- Reviewer
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Code in Action
- Download the color images
- Conventions used
- Disclaimer
- Get in touch
- Reviews
Section 1: Know the Antivirus – the Basics Behind Your Security Solution
Chapter 1: Introduction to the Security Landscape
- Understanding the security landscape
- Defining malware
- Types of malware
- Exploring protection systems
- Antivirus – the basics
- Antivirus bypass in a nutshell
- Summary
Chapter 2: Before Research Begins
- Technical requirements
- Getting started with the research
- The work environment and lead gathering
- Process
- Thread
- Registry
- Defining a lead
- Working with Process Explorer
- Working with Process Monitor
- Working with Autoruns
- Working with Regshot
- Third-party engines
- Summary
Chapter 3: Antivirus Research Approaches
- Understanding the approaches to antivirus research
- Introducing the Windows operating system
- Understanding protection rings
- Protection rings in the Windows operating system
- Windows access control list
- Permission problems in antivirus software
- Insufficient permissions on the static signature file
- Improper privileges
- Unquoted Service Path
- DLL hijacking
- Buffer overflow
- Stack-based buffer overflow
- Buffer overflow – antivirus bypass approach
- Summary
Section 2: Bypass the Antivirus – Practical Techniques to Evade Antivirus Software
Chapter 4: Bypassing the Dynamic Engine
- Technical requirements
- The preparation
- Basic tips for antivirus bypass research
- VirusTotal
- VirusTotal alternatives
- Antivirus bypass using process injection
- What is process injection?
- Windows API
- Classic DLL injection
- Process hollowing
- Process doppelgänging
- Process injection used by threat actors
- Antivirus bypass using a DLL
- PE files
- PE file format structure
- The execution
- Antivirus bypass using timing-based techniques
- Windows API calls for antivirus bypass
- Memory bombing – large memory allocation
- Summary
- Further reading
Chapter 5: Bypassing the Static Engine
- Technical requirements
- Antivirus bypass using obfuscation
- Rename obfuscation
- Control-flow obfuscation
- Introduction to YARA
- How YARA detects potential malware
- How to bypass YARA
- Antivirus bypass using encryption
- Oligomorphic code
- Polymorphic code
- Metamorphic code
- Antivirus bypass using packing
- How packers work
- The unpacking process
- Packers – false positives
- Summary
Chapter 6: Other Antivirus Bypass Techniques
- Technical requirements
- Antivirus bypass using binary patching
- Introduction to debugging / reverse engineering
- Timestomping
- Antivirus bypass using junk code
- Antivirus bypass using PowerShell
- Antivirus bypass using a single malicious functionality
- The power of combining several antivirus bypass techniques
- An example of an executable before and after peCloak
- Antivirus engines that we have bypassed in our research
- Summary
- Further reading
Section 3: Using Bypass Techniques in the Real World
Chapter 7: Antivirus Bypass Techniques in Red Team Operations
- Technical requirements
- What is a red team operation?
- Bypassing antivirus software in red team operations
- Fingerprinting antivirus software
- Summary
Chapter 8: Best Practices and Recommendations
- Technical requirements
- Avoiding antivirus bypass dedicated vulnerabilities
- How to avoid the DLL hijacking vulnerability
- How to avoid the Unquoted Service Path vulnerability
- How to avoid buffer overflow vulnerabilities
- Improving antivirus detection
- Dynamic YARA
- The detection of process injection
- Script-based malware detection with AMSI
- Secure coding recommendations
- Self-protection mechanism
- Plan your code securely
- Do not use old code
- Input validation
- PoLP (Principle of Least Privilege)
- Compiler warnings
- Automated code testing
- Wait mechanisms – preventing race conditions
- Integrity validation
- Summary
Back matter
- Why subscribe?
- Other Books You May Enjoy
- Packt is searching for authors like you
- Leave a review – let other readers know what you think
How to download the source code
1. Go to: https://github.com/PacktPublishing
2. In the "Find a repository…" box, search for the book title: Antivirus Bypass Techniques: Learn practical techniques and tactics to combat, bypass, and evade antivirus software. If the full title returns no results, search for the main title only.
3. Click the book title in the search results.
4. Click Code to download.