Atjaunināt sīkdatņu piekrišanu

E-grāmata: Antivirus Hacker's Handbook

4.24/5 (70 ratings by Goodreads)
,
  • Formāts: PDF+DRM
  • Izdošanas datums: 19-Aug-2015
  • Izdevniecība: John Wiley & Sons Inc
  • Valoda: eng
  • ISBN-13: 9781119028765
Citas grāmatas par šo tēmu:
  • Formāts - PDF+DRM
  • Cena: 45,20 €*
  • * ši ir gala cena, t.i., netiek piemērotas nekādas papildus atlaides
  • Ielikt grozā
  • Pievienot vēlmju sarakstam
  • Šī e-grāmata paredzēta tikai personīgai lietošanai. E-grāmatas nav iespējams atgriezt un nauda par iegādātajām e-grāmatām netiek atmaksāta.
  • Bibliotēkām
Antivirus Hacker's HandbookPalielināt
  • Formāts: PDF+DRM
  • Izdošanas datums: 19-Aug-2015
  • Izdevniecība: John Wiley & Sons Inc
  • Valoda: eng
  • ISBN-13: 9781119028765
Citas grāmatas par šo tēmu:

DRM restrictions

  • Kopēšana (kopēt/ievietot):

    nav atļauts

  • Drukāšana:

    nav atļauts

  • Lietošana:

    Digitālo tiesību pārvaldība (Digital Rights Management (DRM))
    Izdevējs ir piegādājis šo grāmatu šifrētā veidā, kas nozīmē, ka jums ir jāinstalē bezmaksas programmatūra, lai to atbloķētu un lasītu. Lai lasītu šo e-grāmatu, jums ir jāizveido Adobe ID. Vairāk informācijas šeit. E-grāmatu var lasīt un lejupielādēt līdz 6 ierīcēm (vienam lietotājam ar vienu un to pašu Adobe ID).

    Nepieciešamā programmatūra
    Lai lasītu šo e-grāmatu mobilajā ierīcē (tālrunī vai planšetdatorā), jums būs jāinstalē šī bezmaksas lietotne: PocketBook Reader (iOS / Android)

    Lai lejupielādētu un lasītu šo e-grāmatu datorā vai Mac datorā, jums ir nepieciešamid Adobe Digital Editions (šī ir bezmaksas lietotne, kas īpaši izstrādāta e-grāmatām. Tā nav tas pats, kas Adobe Reader, kas, iespējams, jau ir jūsu datorā.)

    Jūs nevarat lasīt šo e-grāmatu, izmantojot Amazon Kindle.

Hack your antivirus software to stamp out future vulnerabilities

The Antivirus Hacker's Handbook guides you through the process of reverse engineering antivirus software. You explore how to detect and exploit vulnerabilities that can be leveraged to improve future software design, protect your network, and anticipate attacks that may sneak through your antivirus' line of defense. You'll begin building your knowledge by diving into the reverse engineering process, which details how to start from a finished antivirus software program and work your way back through its development using the functions and other key elements of the software. Next, you leverage your new knowledge about software development to evade, attack, and exploit antivirus software—all of which can help you strengthen your network and protect your data.

While not all viruses are damaging, understanding how to better protect your computer against them can help you maintain the integrity of your network.

  • Discover how to reverse engineer your antivirus software
  • Explore methods of antivirus software evasion
  • Consider different ways to attack and exploit antivirus software
  • Understand the current state of the antivirus software market, and get recommendations for users and vendors who are leveraging this software

The Antivirus Hacker's Handbook is the essential reference for software reverse engineers, penetration testers, security researchers, exploit writers, antivirus vendors, and software engineers who want to understand how to leverage current antivirus software to improve future applications.

Introduction xix
Part I Antivirus Basics
1(102)
Chapter 1 Introduction to Antivirus Software
3(12)
What Is Antivirus Software?
3(1)
Antivirus Software: Past and Present
4(1)
Antivirus Scanners, Kernels, and Products
5(1)
Typical Misconceptions about Antivirus Software
6(1)
Antivirus Features
7(6)
Basic Features
7(1)
Making Use of Native Languages
7(1)
Scanners
8(1)
Signatures
8(1)
Compressors and Archives
9(1)
Unpackers
10(1)
Emulators
10(1)
Miscellaneous File Formats
11(1)
Advanced Features
11(1)
Packet Filters and Firewalls
11(1)
Self-Protection
12(1)
Anti-Exploiting
12(1)
Summary
13(2)
Chapter 2 Reverse-Engineering the Core
15(42)
Reverse-Engineering Tools
15(5)
Command-Line Tools versus GUI Tools
16(1)
Debugging Symbols
17(1)
Tricks for Retrieving Debugging Symbols
17(3)
Debugging Tricks
20(8)
Backdoors and Configuration Settings
21(2)
Kernel Debugging
23(2)
Debugging User-Mode Processes with a Kernel-Mode Debugger
25(2)
Analyzing AV Software with Command-Line Tools
27(1)
Porting the Core
28(1)
A Practical Example: Writing Basic Python Bindings for Avast for Linux
29(8)
A Brief Look at Avast for Linux
29(3)
Writing Simple Python Bindings for Avast for Linux
32(5)
The Final Version of the Python Bindings
37(1)
A Practical Example: Writing Native C/C++ Tools for Comodo Antivirus for Linux
37(18)
Other Components Loaded by the Kernel
55(1)
Summary
56(1)
Chapter 3 The Plug-ins System
57(20)
Understanding How Plug-ins Are Loaded
58(4)
A Full-Featured Linker in Antivirus Software
58(1)
Understanding Dynamic Loading
59(1)
Advantages and Disadvantages of the Approaches for Packaging Plug-ins
60(2)
Types of Plug-ins
62(7)
Scanners and Generic Routines
63(1)
File Format and Protocol Support
64(1)
Heuristics
65(1)
Bayesian Networks
66(1)
Bloom Filters
67(1)
Weights-Based Heuristics
68(1)
Some Advanced Plug-ins
69(5)
Memory Scanners
69(1)
Non-native Code
70(2)
Scripting Languages
72(1)
Emulators
73(1)
Summary
74(3)
Chapter 4 Understanding Antivirus Signatures
77(10)
Typical Signatures
77(3)
Byte-Streams
78(1)
Checksums
78(1)
Custom Checksums
79(1)
Cryptographic Hashes
80(1)
Advanced Signatures
80(5)
Fuzzy Hashing
81(2)
Graph-Based Hashes for Executable Files
83(2)
Summary
85(2)
Chapter 5 The Update System
87(16)
Understanding the Update Protocols
88(4)
Support for SSL/TLS
89(2)
Verifying the Update Files
91(1)
Dissecting an Update Protocol
92(8)
When Protection Is Done Wrong
100(1)
Summary
101(2)
Part II Antivirus Software Evasion
103(114)
Chapter 6 Antivirus Software Evasion
105(12)
Who Uses Antivirus Evasion Techniques?
106(1)
Discovering Where and How Malware Is Detected
107(7)
Old Tricks for Determining Where Malware Is Detected: Divide and Conquer
107(1)
Evading a Simple Signature-Based Detection with the Divide and Conquer Trick
108(5)
Binary Instrumentation and Taint Analysis
113(1)
Summary
114(3)
Chapter 7 Evading Signatures
117(16)
File Formats: Corner Cases and Undocumented Cases
118(1)
Evading a Real Signature
118(6)
Evasion Tips and Tricks for Specific File Formats
124(7)
PE Files
124(2)
JavaScript
126(1)
String Encoding
127(1)
Executing Code on the Fly
128(1)
Hiding the Logic: Opaque Predicates and Junk Code
128(1)
PDF
129(2)
Summary
131(2)
Chapter 8 Evading Scanners
133(32)
Generic Evasion Tips and Tricks
133(15)
Fingerprinting Emulators
134(2)
Advanced Evasion Tricks
136(1)
Taking Advantage of File Format Weaknesses
136(1)
Using Anti-emulation Techniques
137(5)
Using Anti-disassembling Techniques
142(2)
Disrupting Code Analyzers through Anti-analysis
144(3)
More Anti-Anti-Anti...
147(1)
Causing File Format Confusion
148(1)
Automating Evasion of Scanners
148(14)
Initial Steps
149(1)
Installing ClamAV
150(1)
Installing Avast
150(1)
Installing AVG
151(1)
Installing F-Prot
152(1)
Installing Comodo
153(1)
Installing Zoner Antivirus
154(1)
MultiAV Configuration
154(4)
peCloak
158(2)
Writing the Final Tool
160(2)
Summary
162(3)
Chapter 9 Evading Heuristic Engines
165(18)
Heuristic Engine Types
165(15)
Static Heuristic Engines
166(1)
Bypassing a Simplistic Static Heuristic Engine
166(7)
Dynamic Heuristic Engines
173(1)
Userland Hooks
173(3)
Bypassing a Userland HIPS
176(2)
Kernel-Land Hooks
178(2)
Summary
180(3)
Chapter 10 Identifying the Attack Surface
183(24)
Understanding the Local Attack Surface
185(2)
Finding Weaknesses in File and Directory Privileges
185(1)
Escalation of Privileges
186(1)
Incorrect Privileges in Files and Folders
186(1)
Incorrect Access Control Lists
187(10)
Kernel-Level Vulnerabilities
187(1)
Exotic Bugs
188(1)
Exploiting SUID and SGID Binaries on Unix-Based Platforms
189(1)
ASLR and DEP Status for Programs and Binaries
190(3)
Exploiting Incorrect Privileges on Windows Objects
193(3)
Exploiting Logical Flaws
196(1)
Understanding the Remote Attack Surface
197(6)
File Parsers
198(1)
Generic Detection and File Disinfection Code
199(1)
Network Services, Administration Panels, and Consoles
199(1)
Firewalls, Intrusion Detection Systems, and Their Parsers
200(1)
Update Services
201(1)
Browser Plug-ins
201(1)
Security Enhanced Software
202(1)
Summary
203(4)
Chapter 11 Denial of Service
207(10)
Local Denial-of-Service Attacks
208(6)
Compression Bombs
208(1)
Creating a Simple Compression Bomb
209(3)
Bugs in File Format Parsers
212(1)
Attacks against Kernel Drivers
213(1)
Remote Denial-of-Service Attacks
214(1)
Compression Bombs
214(1)
Bugs in File Format Parsers
215(1)
Summary
215(2)
Part III Analysis and Exploitation
217(104)
Chapter 12 Static Analysis
219(16)
Performing a Manual Binary Audit
219(14)
File Format Parsers
220(8)
Remote Services
228(5)
Summary
233(2)
Chapter 13 Dynamic Analysis
235(34)
Fuzzing
235(31)
What Is a Fuzzer?
236(1)
Simple Fuzzing
237(2)
Automating Fuzzing of Antivirus Products
239(1)
Using Command-Line Tools
240(3)
Porting Antivirus Kernels to Unix
243(1)
Fuzzing with Wine
244(3)
Problems, Problems, and More Problems
247(1)
Finding Good Templates
248(2)
Finding Template Files
250(2)
Maximizing Code Coverage
252(1)
Blind Code Coverage Fuzzer
253(1)
Using Blind Code Coverage Fuzzer
254(5)
Nightmare, the Fuzzing Suite
259(1)
Configuring Nightmare
260(2)
Finding Samples
262(1)
Configuring and Running the Fuzzer
262(4)
Summary
266(3)
Chapter 14 Local Exploitation
269(28)
Exploiting Backdoors and Hidden Features
270(4)
Finding Invalid Privileges, Permissions, and ACLs
274(5)
Searching Kernel-Land for Hidden Features
279(6)
More Logical Kernel Vulnerabilities
285(10)
Summary
295(2)
Chapter 15 Remote Exploitation
297(24)
Implementing Client-Side Exploitation
297(20)
Exploiting Weakness in Sandboxing
297(1)
Exploiting ASLR, DEP, and RWX Pages at Fixed Addresses
298(2)
Writing Complex Payloads
300(1)
Taking Advantage of Emulators
301(1)
Exploiting Archive Files
302(1)
Finding Weaknesses in Intel x86, AMD x86_64, and ARM Emulators
303(1)
Using JavaScript, VBScript, or ActionScript
303(1)
Determining What an Antivirus Supports
304(2)
Launching the Final Payload
306(1)
Exploiting the Update Services
307(1)
Writing an Exploit for an Update Service
308(9)
Server-Side Exploitation
317(1)
Differences between Client-Side and Server-Side Exploitation
317(1)
Exploiting ASLR, DEP, and RWX Pages at Fixed Addresses
318(1)
Summary
318(3)
Part IV Current Trends and Recommendations
321(26)
Chapter 16 Current Trends in Antivirus Protection
323(8)
Matching the Attack Technique with the Target
324(2)
The Diversity of Antivirus Products
324(1)
Zero-Day Bugs
324(1)
Patched Bugs
325(1)
Targeting Home Users
325(1)
Targeting Small to Medium-Sized Companies
326(1)
Targeting Governments and Big Companies
326(2)
The Targets of Governments
327(1)
Summary
328(3)
Chapter 17 Recommendations and the Possible Future
331(16)
Recommendations for Users of Antivirus Products
331(7)
Blind Trust Is a Mistake
332(5)
Isolating Machines Improves Protection
337(1)
Auditing Security Products
338(1)
Recommendations for Antivirus Vendors
338(6)
Engineering Is Different from Security
339(1)
Exploiting Antivirus Software Is Trivial
339(1)
Perform Audits
340(1)
Fuzzing
340(1)
Use Privileges Safely
341(1)
Reduce Dangerous Code in Parsers
342(1)
Improve the Safety of Update Services and Protocols
342(1)
Remove or Disable Old Code
343(1)
Summary
344(3)
Index 347
JOXEAN KORET is a security researcher at Coseinc, a Singapore-based security services firm. He is an in-demand speaker at international security conferences, and a well-regarded specialist in reverse-engineering, vulnerability research, and malware analysis.

ELIAS BACHAALANY is a computer programmer, reverse engineer, and technical writer employed by Microsoft. An authority in multiple programming languages, database design, and web development, he played an instrumental role in the IDAPython project and IDA Pro's scripting facilities development.
Biežāk uzdotie jautājumi par e-grāmatām Biežāk uzdotie jautājumi par e-grāmatām
Permanent link: https://www.kriso.lv/db/97811190287652e.html
Keywords: