|
|
@ -1,23 +1,20 @@ |
|
|
|
#### General |
|
|
|
#### General |
|
|
|
|
|
|
|
|
|
|
|
Knowledge-Check: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
###### Is the student able to explain how the Anti-Viruses detect the viruses? |
|
|
|
###### Is the student able to explain how the Anti-Viruses detect the viruses? |
|
|
|
|
|
|
|
|
|
|
|
###### Is the student able to explain clearly how he can bypass the Anti-Viruses? |
|
|
|
###### Is the student able to explain clearly how he can bypass the Anti-Viruses? |
|
|
|
|
|
|
|
|
|
|
|
###### Is the student able to explain clearly how his program works? |
|
|
|
###### Is the student able to explain clearly how his program works? |
|
|
|
|
|
|
|
|
|
|
|
Open the student program in an official Windows virtual machine and add as argument a simple program that you can find on your Windows (calc.exe, ...) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
##### Check the Repo content |
|
|
|
##### Check the Repo content |
|
|
|
|
|
|
|
|
|
|
|
Files that must be inside your repository: |
|
|
|
Files that must be inside your repository: |
|
|
|
|
|
|
|
|
|
|
|
- Your program source code. |
|
|
|
- Your program source code. |
|
|
|
|
|
|
|
|
|
|
|
- a README.md file, Which clearly explains how to use the program. |
|
|
|
- a README.md file, Which clearly explains how to use the program. |
|
|
|
|
|
|
|
|
|
|
|
###### Does the required files present? |
|
|
|
###### Are the required files present? |
|
|
|
|
|
|
|
|
|
|
|
##### Evaluate the student's submission |
|
|
|
##### Evaluate the student's submission |
|
|
|
|
|
|
|
|
|
|
@ -27,21 +24,20 @@ Compare the hash with a checker, before and after binary encryption |
|
|
|
|
|
|
|
|
|
|
|
###### Has the signature of the binary argument been modified by the student's program? |
|
|
|
###### Has the signature of the binary argument been modified by the student's program? |
|
|
|
|
|
|
|
|
|
|
|
Open the program with a hex editor or disassembler |
|
|
|
##### Open the program with a hex editor or disassembler and compare binary argument before and after binary encryption |
|
|
|
Compare binary argument before and after binary encryption |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
###### Has the form of the program been modified? |
|
|
|
###### Has the form of the program been modified? |
|
|
|
|
|
|
|
|
|
|
|
Launch the program that has just been encrypted |
|
|
|
##### Launch the program that has just been encrypted |
|
|
|
|
|
|
|
|
|
|
|
###### Does the program run normally after 101 seconds? |
|
|
|
###### Does the program run normally after 101 seconds? |
|
|
|
|
|
|
|
|
|
|
|
#### Bonus |
|
|
|
#### Bonus |
|
|
|
|
|
|
|
|
|
|
|
Add [mal-track.exe](</res/mal-track(Fynloski%20sample%2C%20ON%20VM%20ONLY).zip>) as an argument to the student project without running it. |
|
|
|
Add mal-track.exe (</res/mal-track(Fynloski%20sample%2C%20ON%20VM%20ONLY).zip>) as an argument to the student project without running it. |
|
|
|
|
|
|
|
|
|
|
|
It is a program that is currently detected by 61/68 antivirus. |
|
|
|
> It is a program that is currently detected by 61/68 antivirus. |
|
|
|
https://www.virustotal.com/gui/file/a164abbb6778e1378af208b4a3d4833c2b226c68452d2151fb14e2e01a578fdd?nocache=1 |
|
|
|
> https://www.virustotal.com/gui/file/a164abbb6778e1378af208b4a3d4833c2b226c68452d2151fb14e2e01a578fdd?nocache=1 |
|
|
|
|
|
|
|
|
|
|
|
Add mal-track.exe as an argument to the student program, and upload the new encrypted version of mal-track.exe to an online Virus Scanner. |
|
|
|
Add mal-track.exe as an argument to the student program, and upload the new encrypted version of mal-track.exe to an online Virus Scanner. |
|
|
|
|
|
|
|
|
|
|
|