Penetration Testing mailing list archives
Inside AV engines?
From: "Jeroen" <jeroen () isvet nl>
Date: Mon, 12 Dec 2005 23:56:33 +0100
For penetration testing on Wintel system, I often use netcat.exe and stuff like pwdump. More and more I need to disable anti-virus services before running the tools to avoid alarms and auto-deletion of the applications. It works but it isn't an ideal situation since theoretically a network can be infected while the AV-services are down. Recompiling tools is an option since the source of many tools I use is available. The question is (before I burn useless CPU cycles): can someone help me getting info about the inside of AV engines? Will addition of some rubbish to the code do the trick (-> other checksum), do I need to change some core code or is it a mission impossible anyway? Who can help for example getting some useful research papers on the subject of detecting viruses and how to bypass mechanisms used? Any help will be appreciated. Greets, Jeroen ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Inside AV engines? Jeroen (Dec 12)
- Re: [Full-disclosure] Inside AV engines? ad () heapoverflow com (Dec 12)
- Re: [Full-disclosure] Inside AV engines? Valdis Shkesters (Dec 12)
- Re: [Full-disclosure] Inside AV engines? Michael Tewner (Dec 13)
- Re: [Full-disclosure] Inside AV engines? Fósforo (Dec 14)