LEADER 05267nam 2200661 450
001 9910824210803321
005 20200520144314.0
010 $a1-119-18352-9
010 $a1-119-02878-7
010 $a1-119-02876-0
035 $a(CKB)3710000000466358
035 $a(EBL)1985804
035 $a(SSID)ssj0001654785
035 $a(PQKBManifestationID)16435118
035 $a(PQKBTitleCode)TC0001654785
035 $a(PQKBWorkID)14981639
035 $a(PQKB)11482836
035 $a(Au-PeEL)EBL1985804
035 $a(CaPaEBR)ebr11092844
035 $a(OCoLC)919344166
035 $a(CaSebORM)9781119028758
035 $a(MiAaPQ)EBC1985804
035 $a(PPN)242965008
035 $a(EXLCZ)993710000000466358
100 $a20150702h20152015 uy| 0
101 0 $aeng
135 $aur|n|---|||||
181 $ctxt
182 $cc
183 $acr
200 14$aThe Antivirus hacker's handbook /$fJoxean Koret, Elias Bachaalany
205 $aFirst edition.
210 1$aIndianapolis, IN :$cJohn Wiley and Sons,$d[2015]
210 4$d©2015
215 $a1 online resource (384 p.)
300 $aIncludes index.
311 $a1-119-02875-2
327 $aCover; Title Page; Copyright; Contents; Introduction; Part I Antivirus Basics; Chapter 1 Introduction to Antivirus Software; What Is Antivirus Software?; Antivirus Software: Past and Present; Antivirus Scanners, Kernels, and Products; Typical Misconceptions about Antivirus Software; Antivirus Features; Basic Features; Making Use of Native Languages; Scanners; Signatures; Compressors and Archives; Unpackers; Emulators; Miscellaneous File Formats; Advanced Features; Packet Filters and Firewalls; Self-Protection; Anti-Exploiting; Summary; Chapter 2 Reverse-Engineering the Core
327 $aReverse-Engineering Tools; Command-Line Tools versus GUI Tools; Debugging Symbols; Tricks for Retrieving Debugging Symbols; Debugging Tricks; Backdoors and Configuration Settings; Kernel Debugging; Debugging User-Mode Processes with a Kernel-Mode Debugger; Analyzing AV Software with Command-Line Tools; Porting the Core; A Practical Example: Writing Basic Python Bindings for Avast for Linux; A Brief Look at Avast for Linux; Writing Simple Python Bindings for Avast for Linux; The Final Version of the Python Bindings; A Practical Example: Writing Native C/C++ Tools for Comodo Antivirus for Linux
327 $aOther Components Loaded by the Kernel; Summary; Chapter 3 The Plug-ins System; Understanding How Plug-ins Are Loaded; A Full-Featured Linker in Antivirus Software; Understanding Dynamic Loading; Advantages and Disadvantages of the Approaches for Packaging Plug-ins; Types of Plug-ins; Scanners and Generic Routines; File Format and Protocol Support; Heuristics; Bayesian Networks; Bloom Filters; Weights-Based Heuristics; Some Advanced Plug-ins; Memory Scanners; Non-native Code; Scripting Languages; Emulators; Summary; Chapter 4 Understanding Antivirus Signatures; Typical Signatures; Byte-Streams
327 $aChecksums; Custom Checksums; Cryptographic Hashes; Advanced Signatures; Fuzzy Hashing; Graph-Based Hashes for Executable Files; Summary; Chapter 5 The Update System; Understanding the Update Protocols; Support for SSL/TLS; Verifying the Update Files; Dissecting an Update Protocol; When Protection Is Done Wrong; Summary; Part II Antivirus Software Evasion; Chapter 6 Antivirus Software Evasion; Who Uses Antivirus Evasion Techniques?; Discovering Where and How Malware Is Detected; Old Tricks for Determining Where Malware Is Detected: Divide and Conquer
327 $aEvading a Simple Signature-Based Detection with the Divide and Conquer Trick; Binary Instrumentation and Taint Analysis; Summary; Chapter 7 Evading Signatures; File Formats: Corner Cases and Undocumented Cases; Evading a Real Signature; Evasion Tips and Tricks for Specific File Formats; PE Files; JavaScript; String Encoding; Executing Code on the Fly; Hiding the Logic: Opaque Predicates and Junk Code; PDF; Summary; Chapter 8 Evading Scanners; Generic Evasion Tips and Tricks; Fingerprinting Emulators; Advanced Evasion Tricks; Taking Advantage of File Format Weaknesses
327 $aUsing Anti-emulation Techniques
330 $aHack your antivirus software to stamp out future vulnerabilities The Antivirus Hacker's Handbook guides you through the process of reverse engineering antivirus software. You explore how to detect and exploit vulnerabilities that can be leveraged to improve future software design, protect your network, and anticipate attacks that may sneak through your antivirus' line of defense. You'll begin building your knowledge by diving into the reverse engineering process, which details how to start from a finished antivirus software program and work your way back through its development using the func
606 $aHackers$vHandbooks, manuals, etc
606 $aComputer viruses$vHandbooks, manuals, etc
615 0$aHackers
615 0$aComputer viruses
676 $a005.84
700 $aKoret$b Joxean$01604566
702 $aBachaalany$b Elias
801 0$bMiAaPQ
801 1$bMiAaPQ
801 2$bMiAaPQ
906 $aBOOK
912 $a9910824210803321
996 $aThe Antivirus hacker's handbook$93929481
997 $aUNINA