Wednesday, 17 October 2012

The Antivirus Hacker's Handbook, by Joxean Koret, Elias Bachaalany




Hack your antivirus software to stamp out future vulnerabilities

The Antivirus Hacker's Handbook guides you through the process of reverse engineering antivirus software. You explore how to detect and exploit vulnerabilities that can be leveraged to improve future software design, protect your network, and anticipate attacks that may sneak through your antivirus' line of defense. You'll begin building your knowledge by diving into the reverse engineering process, which details how to start from a finished antivirus software program and work your way back through its development using the functions and other key elements of the software. Next, you leverage your new knowledge about software development to evade, attack, and exploit antivirus software—all of which can help you strengthen your network and protect your data.

While not all viruses are damaging, understanding how to better protect your computer against them can help you maintain the integrity of your network.

  • Discover how to reverse engineer your antivirus software
  • Explore methods of antivirus software evasion
  • Consider different ways to attack and exploit antivirus software
  • Understand the current state of the antivirus software market, and get recommendations for users and vendors who are leveraging this software

The Antivirus Hacker's Handbook is the essential reference for software reverse engineers, penetration testers, security researchers, exploit writers, antivirus vendors, and software engineers who want to understand how to leverage current antivirus software to improve future applications.


  • Amazon Sales Rank: #224771 in Books
  • Published on: 2015-09-28
  • Original language: English
  • Number of items: 1
  • Dimensions: 9.25" h x .70" w x 7.40" l
  • Binding: Paperback
  • 384 pages

From the Back Cover

Hack your own antivirus software for an attacker's-eye look at the holes in your defense

Computer viruses are as contagious as the common cold, but they can be infinitely more destructive. Antivirus software is the best defense, but the quality of these defenses is as varied as the field itself. The Antivirus Hacker's Handbook shows you how to hack your own system's defenses to discover its weaknesses, so you can apply the appropriate extra protections to keep your network locked up tight. Authors Joxean Koret and Elias Bachaalany draw on decades of reverse-engineering expertise to teach you how to see your system the way a hacker would — highlighting vulnerabilities and showing you where the next attack is likely to occur.

You'll begin by delving into the core of your antivirus software to learn how it works and where its own vulnerabilities lie. Then you'll exploit those weak defenses to gain a hacker's-eye view of your own system as you learn to evade, attack, and exploit antivirus software to gain "unauthorized" access to your network and data. When hackers reach this stage of the game, they can install malware that accesses sensitive information, monitor what the user is doing, and steal or corrupt documents and data. When you reach this stage, you'll have a thorough understanding of the holes in your defense strategy and the knowledge you need to make them impenetrable.

Learn to:

  • Reverse-engineer your antivirus software from the inside out
  • Understand the plug-ins system and antivirus signatures
  • Work your way around antivirus measures to strengthen your network
  • Evade signatures, scanners, and heuristic engines
  • Conduct static and dynamic analyses
  • Apply local and remote exploitation techniques
  • Discover the latest antivirus trends and recommendations

About the Author

JOXEAN KORET is a security researcher at Coseinc, a Singapore-based security services firm. He is an in-demand speaker at international security conferences, and a well-regarded specialist in reverse-engineering, vulnerability research, and malware analysis.

ELIAS BACHAALANY is a computer programmer, reverse engineer, and technical writer employed by Microsoft. An authority in multiple programming languages, database design, and web development, he played an instrumental role in the IDAPython project and IDA Pro's scripting facilities development.



Most helpful customer reviews

6 of 6 people found the following review helpful. Exploiting the vast majority of AV software is trivial. By Daniel Bilar

Preliminaries: I requested the book for review from one of the authors. I have interacted at technical security conferences with them, am cordially acquainted with both authors and I respect / like them both.

TL/DR takeaway of this technical handbook for the impatient reader:

1) Anti-virus (AV) software can be subverted just like any other software. Implemented security measures—if they exist at all—are much more primitive than the security measures implemented in Office suites or browsers, such as Microsoft Office or Google Chrome.
2) This results in a dramatic increase in attack surface with vulnerabilities both at local and remote levels.
3) Hence, AV can and often does make computers and networks less secure.

Joxean and Elias posit that a lot of AV is never security audited ("That's right: never.") and corroborate this and other claims throughout the book. Dense at times and aimed at security researchers comfortable with standard reversing tools and Python/C++, the authors intersperse easy reading with several case studies and code exploration of real-life (unnamed) AV.

What they demonstrate is actually quite depressing and alarming: the vast majority of AV (one or two unnamed exceptions) lack rudimentary security controls, such as those implemented in modern-ish web browsers and document readers. These include but are not limited to:

  • Privilege separation
  • Sandboxing
  • Emulation
  • Default trust deny of other components
  • Anti-exploitation measures inside their own products
  • SSL/TLS based updates
  • Effective use of ASLR
  • Effective and proper use of ACLs

The cumulative effect is a giant OR function of weakest links for the savvy reverser.

Joxean reverse engineered and managed to subvert 14+ AV products (Windows, *nix) in about 1-2 years' time, and their reversing findings make for an entertaining yet grating read. There is for instance the tale of the local privilege exploit enabled by the sad Panda AV design decision to make their folder world-writeable, allowing users with ill intent to overwrite the main services and execute a malicious application with SYSTEM privileges; or Panda shield disabling / backdooring with a secret UID that proved to be unnecessary in the end. Also startling: most AV do not sign database files.

For less RE-inclined readers, many practical, self-contained tricks like section size adjustments against ClamAV and compression bombs against Kaspersky AV will manage to keep interest high. I learned for instance that Chinese Kingsoft's Liebao browser (among other things) installed a browser extension to take screenshots of your desktop. Caveat emptor.

What makes the book especially enjoyable for those longer in the game are the little tidbits and historical anecdotes woven into the text, which repays careful reading. I must not be the only one whose nostalgia is evoked by the anti-emulation check opening the c:\con device (which works from Windows 95 to Windows 8.1 but not in emulators), or the description of Symantec's debugger-interdicted GSM VM which forced developers to invent their own debugging techniques, or when, discussing old code in AV engines, they identify AV vulnerabilities affecting detections for the metamorphic innovation Zmist/Mistfall.

Many tools and other works are referenced in the text, but most inexplicably without URLs, such as Joxean's own Diaphora (I found something new and useful in the open source SAGE-like egas from the MoTool suite). There are a couple of typos and editing snafus (Wiley eds: it's Waleed Assar, name is correct in URL not in text; double text on p.71).

In my opinion, some illustrations, highlighting of important info and a glossary would have enhanced the book.

Addendum as rejoinder to previous commenters: The content is very current (at least April 2015, maybe as current as July 2015), as can be gleaned from the TLS inspection, Kaspersky's MiTM and FREAK attack exposure possibility text. The reason why 'old' vulnerabilities are shown is likely twofold: 1) as an illustrative device to present a general AV product audit mechanism for the evergreen design and implementation mistakes and 2) to quote p.294: "Often, the security researchers are under the threat of being sued if they publish details about the vulnerabilities, even when they're already fixed. This happened many times to me and to other researchers." This type of adversarial attitude is in stark contrast to the positive community acknowledgements sprinkled throughout the book (e.g. Ange Albertini, The Grugq, Nguyen Anh Quynh and many others). Worth emulating, properly :) .

5 of 5 people found the following review helpful. Excellent practical RE guide beyond AV. By Scott Piper

The book explains AV from both sides (the AV developer and the attacker), helping to explain why and how. @matalaz (Joxean) has done a lot of work attacking AV. Having @0xeb (Elias) help out, who was one of the creators of EMET, likely helps give that defender perspective. Both are former Hex-Rays (maker of IDA Pro) employees, so they are awesome reversers, and both are developers, so the code (Python) you see in the book is clean. The writing is personable and enjoyable to read, like a mentor teaching a topic they love. It reads much like "Practical Reverse Engineering" (which Elias also helped write) and is a great combination with that, so from one you learn how to reverse in general, and from this you can see specifically how to reverse a class of products and apply that knowledge to doing vuln research on them.

The book describes all of the components of AV, from file scanning, to its update mechanism, to touching briefly on things like browser plugins. The authors have extensive knowledge of this class of products and so comments about many different AV products are sprinkled throughout.

This is an excellent practical guide to reverse engineering in general, that just happens to have AV as the common theme. It assumes some RE knowledge with IDA Pro, but beyond that everything else is free, open-source tools, with some (Diaphora and BCCF) written by Joxean. It uses every technique available to reverse products, such as investigating versions for different OSs which may have more symbols. It shows how to set up frameworks to run the AV's core scanner, which helps not only with fuzzing but is also an important generic RE skill for using or testing a product's features.

It is a practical guide to vuln research and shows how to investigate many areas of an attack surface. The focus is on file format fuzzing (as that is the biggest attack surface of AVs) but it also discusses permission and logical issues for escalation of privileges, MiTM attacks on the updates, and evasion tactics.

My biggest concern with the book is that no versions or hashes of the files being reversed are mentioned, and no download archive specific to the book appears to be available, so in time (now?) it won't be possible to play along with some of the reversing sessions and use the framework bindings. The concepts and material stand on their own, but it'd be nice to see an archive of these files appear on the Internet somewhere.

12 of 16 people found the following review helpful. This book is a mixture of BS and correct technical points. By Amazon Customer

The BS: The book makes a very strong case of AVs being s*** in quality and full of vulnerabilities. In order to prove the point the authors dig up old vulnerabilities from an entire industry covering 40 vendors and starting from 2006! Most of the vulnerabilities listed in the book are from 2010-2013. And then the authors claim that modern PDF readers and office software are better written and more reliable. Come on, if one would investigate 40 different office software packages, for sure there would be a ton of exploitable vulnerabilities.

The good: The book does give a well deserved kick in the pants for vendors who have outdated security practices. All modern code should be ASLR+DEP enabled, and all permissions should be verified well enough that they are correct.

Instructions on how to bypass AV signatures are kinda outdated; producing unique binaries will make you shine like a beacon in any modern product. That being said, if you use a product without reputation cloud support you'd better enable it or switch products. Same with behavioral bypass: sure, if you do your tests in a lab without an internet connection you can hide, but in a real environment you are painting yourself as a target.

The part on how to find vulnerabilities in AV code is up to date and valid; almost every product contains obsolete functions last touched in 2008.

Despite the inaccuracies, this book is a must read for every AV developer and development manager. There is no excuse to repeat any mistakes listed in this book.
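Two of the weak links the first and third reviews above agree on are checkable without any reversing: whether a product's binaries opt into ASLR and DEP, and whether its install tree leaves directories or files writable by everyone (the world-writable folder that, per the first review, turned into a SYSTEM-level privilege escalation in one product). The script below is an added example, not code from the book or from any vendor. It reads the DllCharacteristics word straight out of the PE optional header and walks a directory for world-writable entries. Assumptions: the permission check uses POSIX mode bits (on Windows the real ACLs need icacls or pywin32), and the sample PE headers it builds are constructed header-only blobs, not real executables.

```python
"""Audit an antivirus install tree for two weak-link classes: PE binaries
shipped without ASLR/DEP (DllCharacteristics flags) and install directories or
files writable by everyone.  Added example, not code from the book.  The
permission check uses POSIX mode bits (an assumption; on Windows, real ACLs
need icacls or pywin32)."""
import os
import stat
import struct
import sys
from pathlib import Path

# IMAGE_DLLCHARACTERISTICS_* flags from the PE/COFF specification
DLL_CHARS = {
    0x0020: "HIGH_ENTROPY_VA",  # 64-bit ASLR over the full address range
    0x0040: "DYNAMIC_BASE",     # image may be relocated: ASLR
    0x0080: "FORCE_INTEGRITY",  # loader enforces the Authenticode signature
    0x0100: "NX_COMPAT",        # DEP-compatible
    0x4000: "GUARD_CF",         # Control Flow Guard
}
BASELINE = ("DYNAMIC_BASE", "NX_COMPAT")  # minimum a modern product should ship


def pe_dll_characteristics(data: bytes) -> int:
    """Return the DllCharacteristics word of a PE image; ValueError if not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20  # skip the PE signature and the 20-byte COFF header
    if len(data) < opt + 72:
        raise ValueError("truncated optional header")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 of the optional header in both formats
    return struct.unpack_from("<H", data, opt + 70)[0]


def mitigation_report(data: bytes) -> dict:
    """Map each known mitigation flag name to whether the image sets it."""
    chars = pe_dll_characteristics(data)
    return {name: bool(chars & bit) for bit, name in DLL_CHARS.items()}


def missing_mitigations(data: bytes) -> list:
    """Baseline mitigations (ASLR, DEP) the image does NOT opt into."""
    report = mitigation_report(data)
    return [name for name in BASELINE if not report[name]]


def world_writable_entries(entries) -> list:
    """entries: iterable of (path, st_mode). Returns the paths anyone can write."""
    return [path for path, mode in entries if mode & stat.S_IWOTH]


def audit_tree(root) -> dict:
    """Walk an install tree for weak permissions and unmitigated PE files."""
    root = Path(root)
    entries = [(str(p), os.lstat(p).st_mode) for p in [root, *root.rglob("*")]]
    findings = {"world_writable": world_writable_entries(entries), "pe": {}}
    for p in root.rglob("*"):
        if p.is_file():
            try:
                missing = missing_mitigations(p.read_bytes())
            except ValueError:
                continue  # not a PE image, nothing to report
            if missing:
                findings["pe"][str(p)] = missing
    return findings


def build_pe_header(dll_characteristics: int, pe32plus: bool = True) -> bytes:
    """Constructed minimal PE header (headers only, not a loadable image)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    size_opt = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       1, 0, 0, 0, size_opt, 0x22)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(audit_tree(sys.argv[1]))  # e.g. the product's install directory
    else:
        hardened = build_pe_header(0x0020 | 0x0040 | 0x0100)
        legacy = build_pe_header(0, pe32plus=False)
        print("hardened:", missing_mitigations(hardened))  # []
        print("legacy:", missing_mitigations(legacy))      # ['DYNAMIC_BASE', 'NX_COMPAT']
```

Run it with the product's install directory as the only argument; with no argument it checks the two constructed headers. A flag that is absent in DllCharacteristics is a hard fact about the binary as shipped, whereas a world-writable directory is only a finding until you confirm what runs from it and under which account, which is the privilege-escalation question the first review describes.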


