Evasion

Objective

The goal of this project is to understand the methods hackers use to bypass antivirus software, and in doing so to understand how antivirus works in somewhat more depth than in mal-track.

Guidelines

  • You will need to develop a Windows program.
  • The Windows program must make it possible to encrypt another program.
  • Increase its size by 101 MB.
  • Add an increment of an int up to 100001.
  • Check the time, sleep for 101 seconds, then check the time again to verify that 101 seconds have passed. If the 101 seconds have not elapsed, do not decrypt the binary and do not execute it.

This project is carried out on a virtual machine (in your malware analysis lab). You are free to choose your virtual machine, but it must be Windows-based (in the audit you will use an official Windows virtual machine). You are free to choose the programming language for your program.

Advice

https://wikileaks.org/ciav7p1/cms/files/BypassAVDynamics.pdf
https://0x00sec.org/c/cryptology/

Submission and audit

Files that must be inside your repository:

  • Your program source code.
  • A README.md file which clearly explains how to use the program.

Don’t hesitate to double check the names of your folders and files to ensure they are correct!

These methods and tools are for educational purposes only, so that you have a better understanding of how to protect against similar vulnerabilities. You must ensure that you do not attempt any exploit-type activity without the explicit permission of the owner of the machine, system or application. Failure to obtain permission risks breaking the law.