EVADING ANTIVIRUS SOFTWARE
FOR FUN AND PROFIT
Presented by
Mohammed Adam
AGENDA
Looking into different types of viruses
Common AV detection Mechanisms
How AMSI (Antimalware Scan Interface) works
Bypassing some of the popular antivirus software
Better Approach
Q & A Session
References
LOOKING INTO DIFFERENT TYPES OF VIRUSES
1) Malware - Malicious activities - it destroys content on the hardware or disables network capability
2) Spyware - Gathers information - software that aims to collect information about a person or organization in order to learn the victim's behaviour
3) Adware - Intrusive advertisements - ads pop up and run on the computer without your permission; they may generate revenue for the hacker
4) Ransomware - Disables use of the machine until payment is made - locks the victim out of the system; it is unlocked only after monetary compensation is paid
5) Worms - Self-replicating - highly destructive
6) Trojan - Backdoor access - most intrusions require exploitation of a vulnerability to gain the initial foothold
7) Rootkits - Kernel-level obfuscation - a type of software designed to hide the fact that an OS has been compromised; rootkits allow viruses and malware to hide in plain sight by feeding the antivirus software false data so that it overlooks them
COMMON AV DETECTION MECHANISMS
- Signature based detection
- Anomaly or behavioural based detection
SIGNATURE BASED DETECTION
- After the user installs the antivirus system, the machine needs to stay connected to the internet in order to receive updates from the antivirus vendor; these updates are called signatures
- Malware detectors look for an exact binary sequence in the code
- For example, when a user downloads a file, its entire content (as hexadecimal bytes) is compared against the list of known virus signatures
- Once detected, the file is removed or quarantined from the computer to ensure that the computer functions normally
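To make the slide's "exact binary sequence" concrete, here is an added Python sketch (not code from the slides or from any AV vendor) of the two static checks a signature engine runs: a whole-file hash and a byte-sequence search. `KNOWN_BAD_SAMPLE`, `MARKER` and the signature name `Constructed.Sample.A` are constructed for the example. The three variants at the end show what each check survives: appending a byte breaks the hash but not the byte sequence, while storing the sequence encoded (as packers and encoders do) defeats both, which is the gap the behaviour-based and AMSI slides later in the deck are about.

```python
import hashlib
from typing import Optional

# Constructed stand-in for a known-bad file: a fake DOS header plus a marker
# string that plays the role of the exact byte sequence a vendor would
# extract from a real sample. No real malware is involved.
MARKER = b"CONSTRUCTED-MARKER-DELETE-SYSTEM-FILES"
KNOWN_BAD_SAMPLE = b"MZ\x90\x00" + b"\x00" * 16 + MARKER + b"\x00" * 8

# Signature "update" as a vendor would ship it: whole-file hashes and
# byte sequences (kept as hex in the database, decoded here).
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest(): "Constructed.Sample.A"}
BYTE_SIGNATURES = {"Constructed.Sample.A": bytes.fromhex(MARKER.hex())}


def scan_hash(data: bytes) -> Optional[str]:
    """Whole-file match. Any single changed byte anywhere in the file defeats it."""
    return HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())


def scan_patterns(data: bytes) -> list:
    """Byte-sequence match. Survives edits elsewhere in the file, but not
    edits to the matched bytes themselves."""
    return [name for name, pattern in BYTE_SIGNATURES.items() if pattern in data]


def verdict(data: bytes) -> dict:
    """Combine both checks into the yes/no decision the slide describes."""
    hash_hit = scan_hash(data)
    pattern_hits = scan_patterns(data)
    return {"hash_match": hash_hit,
            "pattern_matches": pattern_hits,
            "detected": bool(hash_hit or pattern_hits)}


def appended_variant(data: bytes) -> bytes:
    """Same file with one extra trailing byte: the hash changes, the marker does not."""
    return data + b"\x00"


def encoded_variant(data: bytes, key: int = 0x41) -> bytes:
    """Same file with the marker stored XOR-encoded, as a packer would store it
    for decoding at run time. Neither static check can see the marker now."""
    encoded = bytes(b ^ key for b in MARKER)
    return data.replace(MARKER, encoded)


if __name__ == "__main__":
    for label, sample in [("original", KNOWN_BAD_SAMPLE),
                          ("one byte appended", appended_variant(KNOWN_BAD_SAMPLE)),
                          ("marker encoded", encoded_variant(KNOWN_BAD_SAMPLE))]:
        print(f"{label:20s} -> {verdict(sample)}")
```

Real engines add wildcards, emulation and unpacking on top of this, but the dependency is the same: a static signature only ever matches bytes that are present in the file as stored.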
ANOMALY OR BEHAVIOURAL BASED DETECTION
• It checks the running program for patterns of behaviour: it gathers information about the inspected process to work out what it does.
• If a user downloads a malicious file, instead of checking the file against a list of known viruses it checks what the attachment does to the computer when it runs
• Automatically deleting operating system files or any other malicious activity will be flagged and the file quarantined.
• All of these techniques result in a yes/no decision based on a badness score
HOW AMSI WORKS?
• The Antimalware Scan Interface allows AV vendors to see PowerShell, JavaScript, VBScript, Office macros and a few other scripting formats after deobfuscation and before execution.
• The AV then gets to make the yes/no decision
• Not all AV vendors support AMSI
• Which vendors support AMSI - github.com/subat0mik/whoamsi
• If your AV vendor doesn't support AMSI, nothing happens on their end at this layer
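The ordering on this slide (scan after deobfuscation, before execution) is the whole point of AMSI. The Python sketch below is an added illustration, not code from the slides or from Microsoft's AMSI API: a toy script engine whose pre-execution hook stands in for the AMSI call, a `provider_scan` function standing in for the vendor's registered provider, and a constructed `FLAGGED_CONTENT` marker in place of any real malicious string. Running the same script with `amsi_enabled=False` models PowerShell v2 or a vendor that never registered a provider: the engine executes the deobfuscated text with nobody looking at it.

```python
import base64

# Constructed marker standing in for a string a vendor's provider would flag.
# The toy "script" below never touches the OS; it only rebuilds a string.
FLAGGED_CONTENT = "CONSTRUCTED-FLAGGED-COMMAND"

# What the provider looks for in the content handed to it.
PROVIDER_RULES = [FLAGGED_CONTENT]


def provider_scan(content: str) -> bool:
    """Stand-in for an AV vendor's AMSI provider: True means block."""
    return any(rule in content for rule in PROVIDER_RULES)


def obfuscated_script() -> str:
    """Constructed script text as it sits on disk. The flagged command is only
    present as base64 fragments, so a file-level signature never sees it."""
    pieces = [FLAGGED_CONTENT[:10], FLAGGED_CONTENT[10:]]
    encoded = [base64.b64encode(p.encode()).decode() for p in pieces]
    return "DECODE64 " + " ".join(encoded)  # toy instruction the engine understands


def on_disk_scan(script: str) -> bool:
    """File-level signature scan of the script exactly as stored."""
    return provider_scan(script)


def run_script(script: str, amsi_enabled: bool, executed: list) -> str:
    """Toy interpreter. It reconstructs the real command text, then, if AMSI is
    enabled, hands that text to the provider AFTER deobfuscation and BEFORE
    execution, which is the ordering the slide describes."""
    if script.startswith("DECODE64 "):
        command = "".join(base64.b64decode(tok).decode() for tok in script.split()[1:])
    else:
        command = script
    if amsi_enabled and provider_scan(command):
        return "blocked by AMSI provider"
    executed.append(command)  # where a real engine would actually run it
    return "executed"


def demo() -> dict:
    """Run the constructed script through all three scan points."""
    script = obfuscated_script()
    executed = []
    return {
        "on_disk_detected": on_disk_scan(script),
        "without_amsi": run_script(script, amsi_enabled=False, executed=executed),
        "with_amsi": run_script(script, amsi_enabled=True, executed=executed),
        "executed_count": len(executed),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:18s}: {value}")
```

The static scan misses because the flagged text is never present on disk; the hook catches it because the interpreter has already done the decoding work for the scanner. That is also why the deck's later note about PowerShell v2 matters to a defender: an engine without the hook gives the provider nothing to inspect, so disabling or removing engines that lack it is the corresponding mitigation.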
BYPASSING SOME OF THE POPULAR ANTIVIRUS SOFTWARE
• AVIRA Free Antivirus Software and Windows Defender enabled
PAYLOADALLTHINGS/POWERSHELL
INVOKE-OBFUSCATION
AVIRA AV BYPASSED!
BYPASSING SOME OF THE POPULAR ANTIVIRUS SOFTWARE (CONTD.)
Kaspersky Total Security
MSFVENOM & SHIKATA_GA_NAI
KASPERSKY AV BYPASSED!
BETTER APPROACH
1) Use of non-malicious software in malicious ways
• Instead of Metasploit psexec - use PsExec.exe from Microsoft
• Instead of mimikatz.exe - dump LSASS memory with Task Manager and extract passwords
  Open taskmgr -> right-click lsass.exe -> Create dump file
• Instead of hashdump, save the registry hives and extract the hashes
  > reg.exe save HKLM\SAM C:\Windows\Temp\SAM.hive
  > reg.exe save HKLM\SYSTEM C:\Windows\Temp\SYSTEM.hive
• Instead of Meterpreter, use RDP, TeamViewer etc.
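The badness-score decision from the behavioural-detection slide and the "non-malicious software used maliciously" list above meet on the defender's side in detection logic like the following. It is an added Python example, not code from the slides or from any vendor product. The JSON event lines, image paths, pids, rule names and weights are all constructed for the example; the rules encode the behaviours named on the slides: deleting operating-system files, `reg.exe save` of the SAM/SYSTEM hives, a Task Manager dump of lsass.exe, and the PsExec service install.

```python
import json
import re
from collections import defaultdict

# Constructed process-event log (JSON lines), loosely modelled on endpoint
# telemetry. Every path, pid and service name here is made up for the example.
SAMPLE_EVENTS = r"""
{"pid": 101, "image": "C:\\Windows\\System32\\notepad.exe", "type": "file_write", "target": "C:\\Users\\alice\\notes.txt"}
{"pid": 202, "image": "C:\\Windows\\System32\\reg.exe", "type": "process_start", "cmdline": "reg.exe save HKLM\\SAM C:\\Windows\\Temp\\SAM.hive"}
{"pid": 203, "image": "C:\\Windows\\System32\\reg.exe", "type": "process_start", "cmdline": "reg.exe save HKLM\\SYSTEM C:\\Windows\\Temp\\SYSTEM.hive"}
{"pid": 304, "image": "C:\\Windows\\System32\\Taskmgr.exe", "type": "file_create", "target": "C:\\Users\\alice\\AppData\\Local\\Temp\\lsass.DMP"}
{"pid": 405, "image": "C:\\Users\\alice\\Downloads\\update.exe", "type": "file_delete", "target": "C:\\Windows\\System32\\drivers\\disk.sys"}
{"pid": 405, "image": "C:\\Users\\alice\\Downloads\\update.exe", "type": "file_delete", "target": "C:\\Windows\\System32\\ntoskrnl.exe"}
{"pid": 506, "image": "C:\\Windows\\PSEXESVC.exe", "type": "service_install", "service": "PSEXESVC"}
"""

OS_DIR = re.compile(r"^c:\\windows\\", re.IGNORECASE)
HIVE_SAVE = re.compile(r"\breg(\.exe)?\s+save\s+hklm\\(sam|system)\b", re.IGNORECASE)

# (rule name, badness weight, predicate over one event). Weights are assumptions.
RULES = [
    ("deletes OS file", 40,
     lambda e: e["type"] == "file_delete" and bool(OS_DIR.match(e.get("target", "")))),
    ("saves credential hive", 35,
     lambda e: e["type"] == "process_start" and bool(HIVE_SAVE.search(e.get("cmdline", "")))),
    ("writes LSASS memory dump", 60,
     lambda e: e["type"] == "file_create" and e.get("target", "").lower().endswith("lsass.dmp")),
    ("installs PsExec service", 30,
     lambda e: e["type"] == "service_install" and e.get("service", "").upper() == "PSEXESVC"),
]


def score_events(log_text: str, threshold: int = 50) -> dict:
    """Accumulate a badness score per process image and turn it into the
    yes/no (quarantine or not) decision the behavioural slide describes."""
    scores = defaultdict(int)
    reasons = defaultdict(list)
    for line in log_text.strip().splitlines():
        event = json.loads(line)
        image = event["image"]
        scores[image] += 0  # make sure clean images show up with score 0
        for name, weight, matches in RULES:
            if matches(event):
                scores[image] += weight
                reasons[image].append(name)
    return {image: {"score": score,
                    "reasons": reasons[image],
                    "quarantine": score >= threshold}
            for image, score in scores.items()}


if __name__ == "__main__":
    for image, result in score_events(SAMPLE_EVENTS).items():
        flag = "QUARANTINE" if result["quarantine"] else "ok"
        print(f"{flag:10s} {result['score']:3d}  {image}  {result['reasons']}")
```

Scores are kept per process image rather than per event so that the SAM and SYSTEM saves, each modest on its own, cross the threshold together. Every flagged image except `update.exe` is a Microsoft-signed binary, which is why "allow only Microsoft-signed binaries" on the next slide cannot by itself stop living-off-the-land activity; the PsExec service install is deliberately weighted below the threshold because administrators use it legitimately, so it needs corroborating events before anything is acted on.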
BETTER APPROACH (CONTD.)
• Run PowerShell version 2, which doesn't support AMSI, on Windows 10
• Unhook API calls so that the antivirus doesn't have any visibility
• Encrypt the payload and decrypt it at runtime (Hyperion; bypasses static signatures and emulation)
• Add extra strings to increase the goodness score
• Add extra data to go above certain thresholds
• Allow only Microsoft-signed binaries
• LOLBINS - Living Off the Land Binaries And Scripts (https://lolbas-project.github.io) - verified AppLocker bypasses for default rules
Q & A Session
REFERENCES
• https://www.lmgsecurity.com/common-antivirus-bypass-techniques/
• https://www.blackhillsinfosec.com/bypass-anti-virus-run-mimikatz/
• https://www.hackingarticles.in/a-detailed-guide-on-amsi-bypass/
• https://redsiege.com/tools-techniques/2021/08/bypass-sig-av/
Thank you team &
Happy weekend!
