Full Disclosure mailing list archives
Re: Inside AV engines?
From: AgentSmith15 <agentsmith15 () gmail com>
Date: Wed, 14 Dec 2005 13:22:18 -0600
I have to warn you about Morphine that if you use it AVs like KAV will detect and warn a user that this is a morphined file + scan inside. It's also open source in Delphi so with a couple modifications you should be good :)
On 12/13/05, Fósforo <fosforo () gmail com> wrote:... or you can try one crypt/packer ($$$) called Morphine - http://hxdef.czweb.org/ Assuming your company is going to support an exclusive antidetection tool like that 2005/12/13, Michael Tewner <tewner () jct ac il>:Check The Art of Computer Virus Research and Defense (Paperback) by Peter Szor. It is one of the foremost books in Virus detection,etc,and I found it to be a valuable read... Examples are in C code, and there's a lot of memory dumping, etc.Checkslashdot's review if you want. Jeroen wrote:For penetration testing on Wintel system, I often use netcat.exe andstufflike pwdump. More and more I need to disable anti-virus servicesbeforerunning the tools to avoid alarms and auto-deletion of theapplications. Itworks but it isn't an ideal situation since theoretically a networkcan beinfected while the AV-services are down. Recompiling tools is anoptionsince the source of many tools I use is available. The question is(before Iburn useless CPU cycles): can someone help me getting info about theinsideof AV engines? Will addition of some rubbish to the code do thetrick (->other checksum), do I need to change some core code or is it amissionimpossible anyway? Who can help for example getting some usefulresearchpapers on the subject of detecting viruses and how to bypassmechanismsused? Any help will be appreciated. Greets, Jeroen _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/-- ---------------------------------------------- "O caminho do homem de bem é cercado de todos os lados pelas iniqüidades do egoísmo e tirania dos homens maus. Abençoados os que, em nome da caridade e boa vontade, conduzem os fracos pelo vale das sombras, pois ele é o guardião de seu irmão e o que encontra os filhos perdidos. E eu vou atacar com vingança e fúria os que tentarem envenenar e destruir meus irmãos. E quando minha vingança se abater sobre eles, saberão que eu sou o Senhor." (Ezequiel, 25, 17) ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Inside AV engines? Jeroen (Dec 12)
- Re: Inside AV engines? ad () heapoverflow com (Dec 12)
- Re: Inside AV engines? Valdis Shkesters (Dec 12)
- Re: Inside AV engines? Michael Tewner (Dec 13)
- Re: Inside AV engines? Fósforo (Dec 13)
- Message not available
- Re: Inside AV engines? AgentSmith15 (Dec 14)
- Re: Inside AV engines? Fósforo (Dec 14)
- Re: Inside AV engines? Fósforo (Dec 13)