
docs(evasion): improve audit format

DEV-4049-remove-alcohol-terminology
nprimo 2 years ago committed by Niccolò Primo
parent
commit
4a42d8f1db

18
subjects/cybersecurity/evasion/audit/README.md

@ -1,23 +1,20 @@
#### General
Knowledge-Check:
###### Is the student able to explain how the Anti-Viruses detect the viruses?
###### Is the student able to explain clearly how he can bypass the Anti-Viruses?
###### Is the student able to explain clearly how his program works?
Open the student program in an official Windows virtual machine and add as argument a simple program that you can find on your Windows (calc.exe, ...)
##### Check the Repo content
Files that must be inside your repository:
- Your program source code.
- a README.md file, Which clearly explains how to use the program.
###### Does the required files present?
###### Are the required files present?
##### Evaluate the student's submission
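Review bot: The instruction "Open the student program in an official Windows virtual machine and add as argument a simple program ..." is left as plain text under the General questions, while the later hunk of this same commit promotes the equivalent auditor actions ("Open the program with a hex editor ...", "Launch the program ...") to ##### headings. Suggest giving it the same ##### level so every auditor action renders the same way. In the repository checklist, "- a README.md file, Which clearly explains how to use the program." still has the lowercase "a" and the capitalised "Which" right above the corrected "Are the required files present?" line, so it is worth fixing in the same pass.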
@ -27,21 +24,20 @@ Compare the hash with a checker, before and after binary encryption
###### Has the signature of the binary argument been modified by the student's program?
Open the program with a hex editor or disassembler
Compare binary argument before and after binary encryption
##### Open the program with a hex editor or disassembler and compare binary argument before and after binary encryption
###### Has the form of the program been modified?
Launch the program that has just been encrypted
##### Launch the program that has just been encrypted
###### Does the program run normally after 101 seconds?
#### Bonus
Add [mal-track.exe](</res/mal-track(Fynloski%20sample%2C%20ON%20VM%20ONLY).zip>) as an argument to the student project without running it.
Add mal-track.exe (</res/mal-track(Fynloski%20sample%2C%20ON%20VM%20ONLY).zip>) as an argument to the student project without running it.
It is a program that is currently detected by 61/68 antivirus.
https://www.virustotal.com/gui/file/a164abbb6778e1378af208b4a3d4833c2b226c68452d2151fb14e2e01a578fdd?nocache=1
> It is a program that is currently detected by 61/68 antivirus.
> https://www.virustotal.com/gui/file/a164abbb6778e1378af208b4a3d4833c2b226c68452d2151fb14e2e01a578fdd?nocache=1
Add mal-track.exe as an argument to the student program, and upload the new encrypted version of mal-track.exe to an online Virus Scanner.
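Review bot: In the Bonus section, the replacement line "Add mal-track.exe (</res/mal-track(...).zip>) as an argument ..." drops the square brackets of the old [mal-track.exe](<...>) form, so as written it is no longer a Markdown link and the angle-bracketed path will not render as a clickable target; keep the [text](<url>) syntax. The only statement that this Fynloski sample must stay on a VM is inside the URL-encoded file name, so suggest saying it in the step text next to "without running it". The 61/68 figure is a point-in-time count, and noting the date it was read would keep the quoted line accurate as detections change.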
