Nytro

Troopers 14 - Easy Ways To Bypass Anti-Virus Systems - Attila Marosi

Description: All IT security professionals know that antivirus systems can be avoided. But few of them know that it is very easy to do. (If it is easy to do, its impact is huge!) In this presentation I will, on the spot, fully bypass several antivirus systems using basic techniques! I will bypass: signature detection, emulation/virtualization, sandboxing, firewalls. How much time (development) is needed for it, for this result? Not more than 15 hours without a cent of investment! If I could do this, anyone can do this… so I think we have to focus on this problem.

Using these easy techniques I can create a ‘dropper’ that can deliver any kind of Metasploit (or anything else) shellcode and bypass several well-known antivirus products in real life and fully bypass VirusTotal.com detection with a detection rate of 0.

In my presentation I use 6 virtual machines and 9 real-time demos. As a result, the audience always has great fun and is surprised when they see the most well-known systems fail – and the challenges that the AVs cannot solve are ridiculously simple and old. So IT professionals might think more about the systems which they rely on and which cost so much.

Bypassed AntiVirus Systems:

F-Secure, AVG, NOD32 6 and 7, !avast, Kaspersky, Trend Micro, McAfee…

Educational value of the topic:

We look at how the virus writers develop their codes.

We will develop a puzzle which may distract the AV virtualization engine to avoid the detection.

We will develop code to encrypt/decrypt our malicious shellcode.

We will look at which built-in Windows functions help the attacker to inject malicious code into a victim process, and we will try it. (We will use iexplorer.exe to bypass the firewall.)

We will look at what solutions are often used to avoid the sandbox.

Learn the difference between metamorphic and polymorphic code. I wrote a Python script which can create a metamorphic version from byte code. We will test it in real time and it will be seen that it is a real challenge for the AVs.

BIO: Attila Marosi has been working in the information security field since he started working. As a lieutenant on active duty he worked for years on special information security tasks occurring within the SSNS. Recently he was transferred to the newly established GovCERT-Hungary, which is an additional national level in the internationally known system of CERT offices. He has several international certificates such as CEH, ECSA, OSCP, OSCE. During his free time he also gives lectures and does some teaching on different levels; on top of them for white hat hackers. He has presented at many security conferences including Hacker Halted, DeepSEC and Ethical Hacking.

For more information please visit: https://www.troopers.de

Source: Troopers 14 - Easy Ways To Bypass Anti-Virus Systems - Attila Marosi
