From 4a42d8f1dbff5fea1049084fe9027d87a1548964 Mon Sep 17 00:00:00 2001 From: nprimo Date: Tue, 20 Dec 2022 12:52:45 +0100 Subject: [PATCH] docs(evasion): improve audit format --- subjects/cybersecurity/evasion/audit/README.md | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/subjects/cybersecurity/evasion/audit/README.md b/subjects/cybersecurity/evasion/audit/README.md index 7f5ffe75..8f7dbff5 100644 --- a/subjects/cybersecurity/evasion/audit/README.md +++ b/subjects/cybersecurity/evasion/audit/README.md @@ -1,23 +1,20 @@ #### General -Knowledge-Check: - ###### Is the student able to explain how the Anti-Viruses detect the viruses? ###### Is the student able to explain clearly how he can bypass the Anti-Viruses? ###### Is the student able to explain clearly how his program works? -Open the student program in an official Windows virtual machine and add as argument a simple program that you can find on your Windows (calc.exe, ...) - ##### Check the Repo content Files that must be inside your repository: - Your program source code. + - a README.md file, Which clearly explains how to use the program. -###### Does the required files present? +###### Are the required files present? ##### Evaluate the student's submission 
@@ -27,21 +24,20 @@ Compare the hash with a checker, before and after binary encryption ###### Has the signature of the binary argument been modified by the student's program? -Open the program with a hex editor or disassembler -Compare binary argument before and after binary encryption +##### Open the program with a hex editor or disassembler and compare binary argument before and after binary encryption ###### Has the form of the program been modified? -Launch the program that has just been encrypted +##### Launch the program that has just been encrypted ###### Does the program run normally after 101 seconds? #### Bonus -Add [mal-track.exe]() as an argument to the student project without running it. +Add mal-track.exe () as an argument to the student project without running it. -It is a program that is currently detected by 61/68 antivirus. -https://www.virustotal.com/gui/file/a164abbb6778e1378af208b4a3d4833c2b226c68452d2151fb14e2e01a578fdd?nocache=1 +> It is a program that is currently detected by 61/68 antivirus. +> https://www.virustotal.com/gui/file/a164abbb6778e1378af208b4a3d4833c2b226c68452d2151fb14e2e01a578fdd?nocache=1 Add mal-track.exe as an argument to the student program, and upload the new encrypted version of mal-track.exe to an online Virus Scanner.
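Review bot: The auditor loses the only visible instruction on where and how to run the submission. In the first hunk (@@ -1,23 +1,20 @@), the line "Open the student program in an official Windows virtual machine and add as argument a simple program that you can find on your Windows (calc.exe, ...)" is deleted with no replacement in the lines shown. Since the later Bonus step has the auditor handle a sample flagged by antivirus engines, I would keep this step and move it under "Evaluate the student's submission" rather than drop it. Two smaller points in the same hunk: the blank line added between "- Your program source code." and "- a README.md file, ..." splits one list into a loose list, and "Which" in that second item is still capitalised mid-sentence.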
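Review bot: The Bonus line in the second hunk (@@ -27,21 +24,20 @@) now reads "Add mal-track.exe () as an argument", which leaves empty parentheses behind from the old empty link "[mal-track.exe]()". Either supply the link target or remove the "()" entirely. In the same hunk, turning the instructions into "#####" headings gives a very long heading that merges two steps ("Open the program with a hex editor or disassembler and compare binary argument before and after binary encryption"). Consider keeping these as plain instruction lines or a short list so that only the "######" questions are headings. The "?nocache=1" query string on the VirusTotal URL can also be dropped from the quoted line.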