Antivirus Bypass Techniques: Learn practical techniques and tactics to combat, bypass, and evade antivirus software

Download the book Antivirus Bypass Techniques: Learn practical techniques and tactics to combat, bypass, and evade antivirus software

50000 Toman, available

The book Antivirus Bypass Techniques: Learn practical techniques and tactics to combat, bypass, and evade antivirus software. Original-language edition.

Downloading the book Antivirus Bypass Techniques: Learn practical techniques and tactics to combat, bypass, and evade antivirus software will be possible after payment.
The book description is given in the Details section, where you can view the items.


This is the original edition and is not in Persian.




About the book Antivirus Bypass Techniques: Learn practical techniques and tactics to combat, bypass, and evade antivirus software

Book title : Antivirus Bypass Techniques: Learn practical techniques and tactics to combat, bypass, and evade antivirus software
Persian title : تکنیک های دور زدن آنتی ویروس: تکنیک ها و تاکتیک های عملی برای مبارزه، دور زدن و فرار از نرم افزارهای آنتی ویروس را بیاموزید.
Series :
Authors :
Publisher : Packt Publishing
Year of publication : 2021
Number of pages : 242
ISBN : 1801079749 , 9781801079747
Book language : English
Book format : pdf
File size : 21 MB



After the payment process is completed, the download link for the book will be provided. If you register and log in to your account, you will be able to view the list of books you have purchased.


Table of contents:


Cover
Title page
Copyright and Credits
Recommendation
Contributors
Table of Contents
Preface
Section 1: Know the Antivirus – the Basics Behind Your Security Solution
Chapter 1: Introduction to the Security Landscape
Understanding the security landscape
Defining malware
Types of malware
Exploring protection systems
Antivirus – the basics
Antivirus bypass in a nutshell
Summary
Chapter 2: Before Research Begins
Technical requirements
Getting started with the research
The work environment and lead gathering
Process
Thread
Registry
Defining a lead
Working with Process Explorer
Working with Process Monitor
Working with Autoruns
Working with Regshot
Third-party engines
Summary
Chapter 3: Antivirus Research Approaches
Understanding the approaches to antivirus research
Introducing the Windows operating system
Understanding protection rings
Protection rings in the Windows operating system
Windows access control list
Permission problems in antivirus software
Insufficient permissions on the static signature file
Improper privileges
Unquoted Service Path
DLL hijacking
Buffer overflow
Stack-based buffer overflow
Buffer overflow – antivirus bypass approach
Summary
Section 2: Bypass the Antivirus – Practical Techniques to Evade Antivirus Software
Chapter 4: Bypassing the Dynamic Engine
Technical requirements
The preparation
Basic tips for antivirus bypass research
VirusTotal
VirusTotal alternatives
Antivirus bypass using process injection
What is process injection?
Windows API
Classic DLL injection
Process hollowing
Process doppelgänging
Process injection used by threat actors
Antivirus bypass using a DLL
PE files
PE file format structure
The execution
Antivirus bypass using timing-based techniques
Windows API calls for antivirus bypass
Memory bombing – large memory allocation
Summary
Further reading
Chapter 5: Bypassing the Static Engine
Technical requirements
Antivirus bypass using obfuscation
Rename obfuscation
Control-flow obfuscation
Introduction to YARA
How YARA detects potential malware
How to bypass YARA
Antivirus bypass using encryption
Oligomorphic code
Polymorphic code
Metamorphic code
Antivirus bypass using packing
How packers work
The unpacking process
Packers – false positives
Summary
Chapter 6: Other Antivirus Bypass Techniques
Technical requirements
Antivirus bypass using binary patching
Introduction to debugging / reverse engineering
Timestomping
Antivirus bypass using junk code
Antivirus bypass using PowerShell
Antivirus bypass using a single malicious functionality
The power of combining several antivirus bypass techniques
An example of an executable before and after peCloak
Antivirus engines that we have bypassed in our research
Summary
Further reading
Section 3: Using Bypass Techniques in the Real World
Chapter 7: Antivirus Bypass Techniques in Red Team Operations
Technical requirements
What is a red team operation?
Bypassing antivirus software in red team operations
Fingerprinting antivirus software
Summary
Chapter 8: Best Practices and Recommendations
Technical requirements
Avoiding antivirus bypass dedicated vulnerabilities
How to avoid the DLL hijacking vulnerability
How to avoid the Unquoted Service Path vulnerability
How to avoid buffer overflow vulnerabilities
Improving antivirus detection
Dynamic YARA
The detection of process injection
Script-based malware detection with AMSI
Secure coding recommendations
Self-protection mechanism
Plan your code securely
Do not use old code
Input validation
PoLP (Principle of Least Privilege)
Compiler warnings
Automated code testing
Wait mechanisms – preventing race conditions
Integrity validation
Summary
Why subscribe?
About Packt
Other Books You May Enjoy
Index



