Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Antivirus Bypass Techniques

You're reading from   Antivirus Bypass Techniques Learn practical techniques and tactics to combat, bypass, and evade antivirus software

Arrow left icon
Product type Paperback
Published in Jul 2021
Publisher Packt
ISBN-13 9781801079747
Length 242 pages
Edition 1st Edition
Arrow right icon
Authors (2):
Arrow left icon
Uriel Kosayev Uriel Kosayev
Author Profile Icon Uriel Kosayev
Uriel Kosayev
Nir Yehoshua Nir Yehoshua
Author Profile Icon Nir Yehoshua
Nir Yehoshua
Arrow right icon
View More author details
Toc

Table of Contents (13) Chapters Close

Preface 1. Section 1: Know the Antivirus – the Basics Behind Your Security Solution
2. Chapter 1: Introduction to the Security Landscape FREE CHAPTER 3. Chapter 2: Before Research Begins 4. Chapter 3: Antivirus Research Approaches 5. Section 2: Bypass the Antivirus – Practical Techniques to Evade Antivirus Software
6. Chapter 4: Bypassing the Dynamic Engine 7. Chapter 5: Bypassing the Static Engine 8. Chapter 6: Other Antivirus Bypass Techniques 9. Section 3: Using Bypass Techniques in the Real World
10. Chapter 7: Antivirus Bypass Techniques in Red Team Operations 11. Chapter 8: Best Practices and Recommendations 12. Other Books You May Enjoy

Exploring protection systems

Antivirus software is the most basic type of protection system used to defend endpoints against malware. But besides antivirus software (which we will explore in the Antivirus – the basics section), there are many other types of products to protect a home and business user from these threats, both at the endpoint and network levels, including the following:

  • EDR: The purpose of EDR systems is to protect the business user from malware attacks through real-time response to any type of event defined as malicious.

    For example, a security engineer from a particular company can define within the company's EDR that if a file attempts to perform a change to the SQLServer.exe process, it will send an alert to the EDR's dashboard.

  • Firewall: A system for monitoring, blocking, and identification of network-based threats, based on a pre-defined policy.
  • IDS/IPS: IDS and IPS provide network-level security, based on generic signatures, which inspects network packets and searches for malicious patterns or malicious flow.
  • DLP: DLP's sole purpose is to stop and report on sensitive data exfiltrated from the organization, whether on portable media (thumb drive/disk on key), email, uploading to a file server, or more.

Now that we have understood which security solutions exist and their purpose in securing organizations and individuals, we will understand the fundamentals of antivirus software and the benefits of antivirus research bypass.

You have been reading a chapter from
Antivirus Bypass Techniques
Published in: Jul 2021
Publisher: Packt
ISBN-13: 9781801079747
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime