Develop more secure and effective antivirus solutions by leveraging antivirus bypass techniques
Key Features
Gain a clear understanding of the security landscape and research approaches to bypass antivirus software Become well-versed with practical techniques to bypass antivirus solutions Discover best practices to develop robust antivirus solutions
Book DescriptionAntivirus software is built to detect, prevent, and remove malware from systems, but this does not guarantee the security of your antivirus solution as certain changes can trick the antivirus and pose a risk for users. This book will help you to gain a basic understanding of antivirus software and take you through a series of antivirus bypass techniques that will enable you to bypass antivirus solutions.
The book starts by introducing you to the cybersecurity landscape, focusing on cyber threats, malware, and more. You will learn how to collect leads to research antivirus and explore the two common bypass approaches used by the authors. Once you've covered the essentials of antivirus research and bypassing, you'll get hands-on with bypassing antivirus software using obfuscation, encryption, packing, PowerShell, and more. Toward the end, the book covers security improvement recommendations, useful for both antivirus vendors as well as for developers to help strengthen the security and malware detection capabilities of antivirus software.
By the end of this security book, you'll have a better understanding of antivirus software and be able to confidently bypass antivirus software.
What you will learn
Explore the security landscape and get to grips with the fundamentals of antivirus software Discover how to gather AV bypass research leads using malware analysis tools Understand the two commonly used antivirus bypass approaches Find out how to bypass static and dynamic antivirus engines Understand and implement bypass techniques in real-world scenarios Leverage best practices and recommendations for implementing antivirus solutions
Who this book is forThis book is for security researchers, malware analysts, reverse engineers, pentesters, antivirus vendors looking to strengthen their detection capabilities, antivirus users and companies that want to test and evaluate their antivirus software, organizations that want to test and evaluate antivirus software before purchase or acquisition, and tech-savvy individuals who want to learn new topics.
Table of Contents
Introduction to the Security Landscape
Before Research Begins
Antivirus Research Approaches
Bypassing the Dynamic Engine
Bypassing the Static Engine
Other Antivirus Bypass Techniques
Antivirus Bypass Techniques in Red Team Operations
Best Practices and Recommendations
Nir Yehoshua is an Israeli security researcher with more than 8 years of experience in several information security fields. His specialties include vulnerability research, malware analysis, reverse engineering, penetration testing, and incident response. He is an alumnus of an elite security research and incident response team in the Israel Defense Forces. Today, Nir is a full-time bug bounty hunter and consults for Fortune 500 companies, aiding them in detecting and preventing cyber-attacks. Over the years, Nir has discovered security vulnerabilities in several companies, including FACEIT, Bitdefender, McAfee, Intel, Bosch, and eScan Antivirus, who have mentioned him in their Hall of Fame. Uriel Kosayev is an Israeli security researcher with over eight years of experience in the cybersecurity field. Uriel is the author of the Antivirus Bypass Techniques book and a lecturer who has developed courses in the cybersecurity field. Uriel has hands-on experience in malware research, reverse engineering, penetration testing, digital forensics, and incident response. During his army service, Uriel worked to strengthen an elite incident response team in both practical and methodological ways.
