Edition:
Authors: Nir Yehoshua, Uriel Kosayev
Series:
ISBN: 1801079749, 9781801079747
Publisher: Packt Publishing
Year of publication: 2021
Number of pages: 242
Language: English
File format: PDF (converted to PDF, EPUB or AZW3 on the user's request)
File size: 21 MB
If you need the book Antivirus Bypass Techniques: Learn practical techniques and tactics to combat, bypass, and evade antivirus software converted to PDF, EPUB, AZW3, MOBI or DJVU, you can notify support and they will convert the file for you.
Please note that the book "Antivirus Bypass Techniques: Learn practical techniques and tactics to combat, bypass, and evade antivirus software" is the original-language edition and is not a Persian translation. The International Library website provides original-language books only and does not offer any books translated into or written in Persian.
Cover
Title page
Copyright and Credits
Recommendation
Contributors
Table of Contents
Preface

Section 1: Know the Antivirus – the Basics Behind Your Security Solution

Chapter 1: Introduction to the Security Landscape
    Understanding the security landscape
    Defining malware
    Types of malware
    Exploring protection systems
    Antivirus – the basics
    Antivirus bypass in a nutshell
    Summary

Chapter 2: Before Research Begins
    Technical requirements
    Getting started with the research
    The work environment and lead gathering
    Process
    Thread
    Registry
    Defining a lead
    Working with Process Explorer
    Working with Process Monitor
    Working with Autoruns
    Working with Regshot
    Third-party engines
    Summary

Chapter 3: Antivirus Research Approaches
    Understanding the approaches to antivirus research
    Introducing the Windows operating system
    Understanding protection rings
    Protection rings in the Windows operating system
    Windows access control list
    Permission problems in antivirus software
    Insufficient permissions on the static signature file
    Improper privileges
    Unquoted Service Path
    DLL hijacking
    Buffer overflow
    Stack-based buffer overflow
    Buffer overflow – antivirus bypass approach
    Summary

Section 2: Bypass the Antivirus – Practical Techniques to Evade Antivirus Software

Chapter 4: Bypassing the Dynamic Engine
    Technical requirements
    The preparation
    Basic tips for antivirus bypass research
    VirusTotal
    VirusTotal alternatives
    Antivirus bypass using process injection
    What is process injection?
    Windows API
    Classic DLL injection
    Process hollowing
    Process doppelgänging
    Process injection used by threat actors
    Antivirus bypass using a DLL
    PE files
    PE file format structure
    The execution
    Antivirus bypass using timing-based techniques
    Windows API calls for antivirus bypass
    Memory bombing – large memory allocation
    Summary
    Further reading

Chapter 5: Bypassing the Static Engine
    Technical requirements
    Antivirus bypass using obfuscation
    Rename obfuscation
    Control-flow obfuscation
    Introduction to YARA
    How YARA detects potential malware
    How to bypass YARA
    Antivirus bypass using encryption
    Oligomorphic code
    Polymorphic code
    Metamorphic code
    Antivirus bypass using packing
    How packers work
    The unpacking process
    Packers – false positives
    Summary

Chapter 6: Other Antivirus Bypass Techniques
    Technical requirements
    Antivirus bypass using binary patching
    Introduction to debugging / reverse engineering
    Timestomping
    Antivirus bypass using junk code
    Antivirus bypass using PowerShell
    Antivirus bypass using a single malicious functionality
    The power of combining several antivirus bypass techniques
    An example of an executable before and after peCloak
    Antivirus engines that we have bypassed in our research
    Summary
    Further reading

Section 3: Using Bypass Techniques in the Real World

Chapter 7: Antivirus Bypass Techniques in Red Team Operations
    Technical requirements
    What is a red team operation?
    Bypassing antivirus software in red team operations
    Fingerprinting antivirus software
    Summary

Chapter 8: Best Practices and Recommendations
    Technical requirements
    Avoiding antivirus bypass dedicated vulnerabilities
    How to avoid the DLL hijacking vulnerability
    How to avoid the Unquoted Service Path vulnerability
    How to avoid buffer overflow vulnerabilities
    Improving antivirus detection
    Dynamic YARA
    The detection of process injection
    Script-based malware detection with AMSI
    Secure coding recommendations
    Self-protection mechanism
    Plan your code securely
    Do not use old code
    Input validation
    PoLP (Principle of Least Privilege)
    Compiler warnings
    Automated code testing
    Wait mechanisms – preventing race conditions
    Integrity validation
    Summary

Why subscribe?
About Packt
Other Books You May Enjoy
Index