The Antivirus Hacker's Handbook

Book Description

Hack your antivirus software to stamp out future vulnerabilities

The Antivirus Hacker's Handbook guides you through the process of reverse engineering antivirus software. You explore how to detect and exploit vulnerabilities that can be leveraged to improve future software design, protect your network, and anticipate attacks that may sneak through your antivirus' line of defense. You'll begin building your knowledge by diving into the reverse engineering process, which details how to start from a finished antivirus software program and work your way back through its development using the functions and other key elements of the software. Next, you leverage your new knowledge about software development to evade, attack, and exploit antivirus software—all of which can help you strengthen your network and protect your data.

While not all viruses are damaging, understanding how to better protect your computer against them can help you maintain the integrity of your network.

  • Discover how to reverse engineer your antivirus software

  • Explore methods of antivirus software evasion

  • Consider different ways to attack and exploit antivirus software

  • Understand the current state of the antivirus software market, and get recommendations for users and vendors who are leveraging this software

The Antivirus Hacker's Handbook is the essential reference for software reverse engineers, penetration testers, security researchers, exploit writers, antivirus vendors, and software engineers who want to understand how to leverage current antivirus software to improve future applications.

    Table of Contents

    1. Introduction
      1. Overview of the Book and Technology
      2. How This Book Is Organized
      3. Who Should Read This Book
      4. Tools You Will Need
      5. What's on the Wiley Website
      6. Summary (From Here, Up Next, and So On)
    2. Part I: Antivirus Basics
      1. Chapter 1: Introduction to Antivirus Software
        1. What Is Antivirus Software?
        2. Antivirus Software: Past and Present
        3. Antivirus Scanners, Kernels, and Products
        4. Typical Misconceptions about Antivirus Software
        5. Antivirus Features
        6. Summary
      2. Chapter 2: Reverse-Engineering the Core
        1. Reverse-Engineering Tools
        2. Debugging Tricks
        3. Porting the Core
        4. A Practical Example: Writing Basic Python Bindings for Avast for Linux
        5. A Practical Example: Writing Native C/C++ Tools for Comodo Antivirus for Linux
        6. Other Components Loaded by the Kernel
        7. Summary
      3. Chapter 3: The Plug-ins System
        1. Understanding How Plug-ins Are Loaded
        2. Types of Plug-ins
        3. Some Advanced Plug-ins
        4. Summary
      4. Chapter 4: Understanding Antivirus Signatures
        1. Typical Signatures
        2. Advanced Signatures
        3. Summary
      5. Chapter 5: The Update System
        1. Understanding the Update Protocols
        2. Dissecting an Update Protocol
        3. When Protection Is Done Wrong
        4. Summary
    3. Part II: Antivirus Software Evasion
      1. Chapter 6: Antivirus Software Evasion
        1. Who Uses Antivirus Evasion Techniques?
        2. Discovering Where and How Malware Is Detected
        3. Summary
      2. Chapter 7: Evading Signatures
        1. File Formats: Corner Cases and Undocumented Cases
        2. Evading a Real Signature
        3. Evasion Tips and Tricks for Specific File Formats
        4. Summary
      3. Chapter 8: Evading Scanners
        1. Generic Evasion Tips and Tricks
        2. Automating Evasion of Scanners
        3. Summary
      4. Chapter 9: Evading Heuristic Engines
        1. Heuristic Engine Types
        2. Summary
      5. Chapter 10: Identifying the Attack Surface
        1. Understanding the Local Attack Surface
        2. Incorrect Access Control Lists
        3. Understanding the Remote Attack Surface
        4. Summary
      6. Chapter 11: Denial of Service
        1. Local Denial-of-Service Attacks
        2. Remote Denial-of-Service Attacks
        3. Summary
    4. Part III: Analysis and Exploitation
      1. Chapter 12: Static Analysis
        1. Performing a Manual Binary Audit
        2. Summary
      2. Chapter 13: Dynamic Analysis
        1. Fuzzing
        2. Summary
      3. Chapter 14: Local Exploitation
        1. Exploiting Backdoors and Hidden Features
        2. Finding Invalid Privileges, Permissions, and ACLs
        3. Searching Kernel-Land for Hidden Features
        4. More Logical Kernel Vulnerabilities
        5. Summary
      4. Chapter 15: Remote Exploitation
        1. Implementing Client-Side Exploitation
        2. Server-Side Exploitation
        3. Summary
    5. Part IV: Current Trends and Recommendations
      1. Chapter 16: Current Trends in Antivirus Protection
        1. Matching the Attack Technique with the Target
        2. Targeting Governments and Big Companies
        3. Summary
      2. Chapter 17: Recommendations and the Possible Future
        1. Recommendations for Users of Antivirus Products
        2. Recommendations for Antivirus Vendors
        3. Summary
    6. End User License Agreement