
dc.contributor.advisor: Κάτσικας, Σωκράτης
dc.contributor.author: Τασιόπουλος, Βασίλειος Γ.
dc.date.accessioned: 2015-01-14T09:00:27Z
dc.date.available: 2015-01-14T09:00:27Z
dc.date.issued: 2015-01-14T09:00:27Z
dc.identifier.uri: https://dione.lib.unipi.gr/xmlui/handle/unipi/6233
dc.language.iso: el
dc.rights: Attribution-NonCommercial-NoDerivatives 4.0 International
dc.rights.uri: http://creativecommons.org/licenses/by-nc-nd/4.0/deed.el
dc.subject: Computer security
dc.subject: Computer hackers
dc.subject: Computer viruses
dc.subject: Malware
dc.subject: Data encryption (Computer science)
dc.title: Bypassing antivirus detection with encryption
dc.type: Master Thesis
dc.identifier.call: 005.8 ΤΑΣ
dc.description.abstractEN: It is considered a common occurrence during security evaluations that someone must be convinced that antivirus software does not offer complete security. There are also times when a penetration tester encounters antivirus software. For these and several other reasons a variety of ways for bypassing antivirus systems has been invented. In this thesis we are going to deal with the use of encryption for bypassing antivirus detections. The idea of using encryption as an anti-detection technique is not new. It has been introduced previously by researchers along with their implementation of programs, called "Crypters", which are the means to accomplish that. These programs are able to encrypt a malware and store it inside a legitimate file without affecting its original functionality. This file is able to bypass detection and then decrypt the malware and store it in a specific part of the disc or load it directly into the computer's memory and execute it. Even though the general functionality of a crypter has remained the same over time, it is essential to create an architecture which would be compatible with the current systems and be able to avoid detection by the constantly developing antivirus systems. In this master thesis we are not going to invent a new way to bypass an antivirus detection. On the contrary, we are going to rely on previous research in order to introduce a new architecture of a crypter that offers a unique output every time it is being used. The implementation is going to follow the same principles as the previous ones, those of encrypting the malware, but it will also inject into another process. The injection will be performed by a DLL that will also be encrypted inside the legitimate file. The encrypted DLL will be decrypted and will be loaded into memory. After that the DLL will inject the decrypted malware in a legitimate process. The crypter is in place to offer a unique output every time someone uses it. The encryption key along with the function names, DLL names, variables and strings are random and so different every time. Several tests have been conducted with the specific implementation and it has successfully bypassed detection by over forty antivirus software products.


Except where otherwise noted, this item is distributed under the following licence:
Attribution-NonCommercial-NoDerivatives 4.0 International

University of Piraeus Library