Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Inside AV engines?

from [Fósforo] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Inside AV engines?
Date: Tue, 13 Dec 2005 23:05:17 -0300 
... or you can try one crypt/packer ($$$) called Morphine -
http://hxdef.czweb.org/
Assuming your company is going to support an exclusive antidetection
tool like that

2005/12/13, Michael Tewner <tewner@jct.ac.il>:

Check The Art of Computer Virus Research and Defense (Paperback)
by Peter Szor. It is one of the foremost books in Virus detection, etc,
and I found it to be a valuable read...

Examples are in C code, and there's a lot of memory dumping, etc. Check
slashdot's review if you want.

Jeroen wrote:

For penetration testing on Wintel system, I often use netcat.exe and stuff
like pwdump. More and more I need to disable anti-virus services before
running the tools to avoid alarms and auto-deletion of the applications. It
works but it isn't an ideal situation since theoretically a network can be
infected while the AV-services are down. Recompiling tools is an option
since the source of many tools I use is available. The question is (before I
burn useless CPU cycles): can someone help me getting info about the inside
of AV engines? Will addition of some rubbish to the code do the trick (->
other checksum), do I need to change some core code or is it a mission
impossible anyway? Who can help for example getting some useful research
papers on the subject of detecting viruses and how to bypass mechanisms
used? Any help will be appreciated.


Greets,

Jeroen


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




--

----------------------------------------------

"O  caminho  do  homem  de  bem  é  cercado de
todos os lados  pelas  iniqüidades do  egoísmo
e tirania  dos homens maus.  Abençoados os que,
em  nome da caridade e  boa vontade,  conduzem
os  fracos pelo  vale das  sombras, pois ele é
o  guardião  de seu irmão e o  que encontra os
filhos perdidos. E eu vou  atacar com vingança
e fúria  os que tentarem  envenenar e destruir
meus irmãos. E quando minha vingança se abater
sobre  eles,  saberão  que  eu sou  o Senhor."

(Ezequiel, 25, 17)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Cracking WEP and WPA keys, Michael Sierchio
Next by Date:  [Full-disclosure] ASP Hack tools ?, Mark Sec
Previous by Thread:  Re: [Full-disclosure] Inside AV engines?, Michael Tewner
Next by Thread:  Re: [Full-disclosure] Inside AV engines?, AgentSmith15
Indexes:  [Date] [Thread] [Top] [All Lists]