Develop more secure and effective antivirus solutions by leveraging antivirus bypass techniques

Key Features

• Gain a clear understanding of the security landscape and research approaches to bypass antivirus software
• Become well-versed with practical techniques to bypass antivirus solutions
• Discover best practices to develop robust antivirus solutions

Book Description

Antivirus software is built to detect, prevent, and remove malware from systems, but this does not guarantee the security of your antivirus solution as certain changes can trick the antivirus and pose a risk for users. This book will help you to gain a basic understanding of antivirus software and take you through a series of antivirus bypass techniques that will enable you to bypass antivirus solutions.

The book starts by introducing you to the cybersecurity landscape, focusing on cyber threats, malware, and more. You will learn how to collect leads to research antivirus and explore the two common bypass approaches used by the authors. Once you've covered the essentials of antivirus research and bypassing, you'll get hands-on with bypassing antivirus software using obfuscation, encryption, packing, PowerShell, and more. Toward the end, the book covers security improvement recommendations, useful for both antivirus vendors as well as for developers to help strengthen the security and malware detection capabilities of antivirus software.

By the end of this security book, you'll have a better understanding of antivirus software and be able to confidently bypass antivirus software.

What you will learn

• Explore the security landscape and get to grips with the fundamentals of antivirus software
• Discover how to gather AV bypass research leads using malware analysis tools
• Understand the two commonly used antivirus bypass approaches
• Find out how to bypass static and dynamic antivirus engines
• Understand and implement bypass techniques in real-world scenarios
• Leverage best practices and recommendations for implementing antivirus solutions

Who this book is for

This book is for security researchers, malware analysts, reverse engineers, pentesters, antivirus vendors looking to strengthen their detection capabilities, antivirus users and companies that want to test and evaluate their antivirus software, organizations that want to test and evaluate antivirus software before purchase or acquisition, and tech-savvy individuals who want to learn new topics.

Table of Contents

1. Introduction to the Security Landscape
2. Before Research Begins
3. Antivirus Research Approaches
4. Bypassing the Dynamic Engine
5. Bypassing the Static Engine
6. Other Antivirus Bypass Techniques
7. Antivirus Bypass Techniques in Red Team Operations
8. Best Practices and Recommendations

Review

"Any cyber intelligence OSINT hunter is happy to find a tool with zero detections of antivirus software and vendors. I found ‘Antivirus Bypass Techniques’ to be an important and essential book for learning more about these bypass techniques. Whether you are blue, red, or purple, you can learn crucial methods and critical knowledge about the world of bypassing antivirus software. A very comprehensive book, well-written, easy to understand, and with the PoCs featured in the book, you can become a better security professional in the future. Recommended!"

Source: Ohad Zaidenberg, Lead Cyber Intelligence Researcher, Anheuser-Busch InBev

About the Author

Nir Yehoshua is an Israeli security researcher with more than 8 years of experience in several information security fields. His specialties include vulnerability research, malware analysis, reverse engineering, penetration testing, and incident response. He is an alumnus of an elite security research and incident response team in the Israel Defense Forces. Today, Nir is a full-time bug bounty hunter and consults for Fortune 500 companies, aiding them in detecting and preventing cyber-attacks. Over the years, Nir has discovered security vulnerabilities in several companies, including FACEIT, Bitdefender, McAfee, Intel, Bosch, and eScan Antivirus, who have mentioned him in their Hall of Fame. Uriel Kosayev is an Israeli security researcher with over eight years of experience in the cybersecurity field. Uriel is the author of the Antivirus Bypass Techniques book and a lecturer who has developed courses in the cybersecurity field. Uriel has hands-on experience in malware research, reverse engineering, penetration testing, digital forensics, and incident response. During his army service, Uriel worked to strengthen an elite incident response team in both practical and methodological ways.