Enhancing AV-avoidance capabilities of a PE crypter
Abstract
Penetration testers use a wide range of publicly available or custom-made tools in their attempts to bypass the security controls of targeted systems during security assessments. Many of these tools are flagged by anti-virus products as suspicious or outright malicious. To avoid detection, a number of solutions have been introduced, the most popular of which involves the use of crypters. A crypter is a piece of software that encrypts an executable object and encapsulates it in seemingly innocuous code, effectively changing its appearance at the binary level while preserving its original functionality. The purpose of this thesis is, starting from a reference implementation of a PE crypter, to improve its anti-virus avoidance capabilities by using well-established obfuscation techniques.
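The abstract describes a crypter as encrypting an executable and wrapping it in an innocuous stub. From the defender's side, that encrypted payload tends to stand out statistically: the following example, added here and not part of the thesis or its reference crypter, parses a PE section table with Python's `struct` module and flags sections whose Shannon entropy exceeds an assumed 7.0 bits-per-byte triage threshold. The minimal PE image, its section names and the threshold are all constructed for the example; the image is not a loadable executable.

```python
"""Entropy-based triage of PE sections: a common defender heuristic for
spotting the encrypted payload a crypter stub carries (added example)."""
import math
import random
import struct
from collections import Counter

# Layout constants from the PE/COFF file format.
DOS_E_LFANEW_OFFSET = 0x3C
PE_SIGNATURE = b"PE\0\0"
COFF_HEADER_FMT = "<HHIIIHH"          # Machine .. Characteristics (20 bytes)
SECTION_HEADER_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER (40 bytes)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    counts = Counter(data)
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def parse_sections(image: bytes):
    """Yield (name, raw_bytes) for every section listed in the PE image."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off = struct.unpack_from("<I", image, DOS_E_LFANEW_OFFSET)[0]
    if image[pe_off:pe_off + 4] != PE_SIGNATURE:
        raise ValueError("missing PE signature")
    coff_off = pe_off + 4
    (_machine, n_sections, _ts, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from(COFF_HEADER_FMT, image, coff_off)
    sect_off = coff_off + struct.calcsize(COFF_HEADER_FMT) + opt_size
    hdr_len = struct.calcsize(SECTION_HEADER_FMT)
    for i in range(n_sections):
        fields = struct.unpack_from(SECTION_HEADER_FMT, image, sect_off + i * hdr_len)
        name = fields[0].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = fields[3], fields[4]   # SizeOfRawData, PointerToRawData
        yield name, image[raw_ptr:raw_ptr + raw_size]


def flag_high_entropy_sections(image: bytes, threshold: float = 7.0):
    """Return {name: entropy} for sections above the threshold.
    7.0 bits/byte is an assumed triage value: compiled code and data tables
    usually sit well below it, encrypted or compressed blobs close to 8.0."""
    flagged = {}
    for name, raw in parse_sections(image):
        ent = shannon_entropy(raw)
        if ent > threshold:
            flagged[name] = round(ent, 3)
    return flagged


def build_sample_pe(sections) -> bytes:
    """Assemble a minimal, constructed PE image (headers plus the given
    sections) so the scanner has something to parse offline."""
    opt_header = b"\0" * 0xE0                      # PE32 optional header size
    n = len(sections)
    coff = struct.pack(COFF_HEADER_FMT, 0x14C, n, 0, 0, 0, len(opt_header), 0x102)
    dos = b"MZ" + b"\0" * (DOS_E_LFANEW_OFFSET - 2) + struct.pack("<I", 0x40)
    raw_ptr = len(dos) + len(PE_SIGNATURE) + len(coff) + len(opt_header) + n * 40
    sect_hdrs, bodies = b"", b""
    for name, body in sections:
        sect_hdrs += struct.pack(SECTION_HEADER_FMT, name.ljust(8, b"\0"),
                                 len(body), 0x1000, len(body), raw_ptr,
                                 0, 0, 0, 0, 0x60000020)
        bodies += body
        raw_ptr += len(body)
    return dos + PE_SIGNATURE + coff + opt_header + sect_hdrs + bodies


# Constructed sample: a text-like ".text" and a pseudo-random ".data" that
# stands in for an encrypted payload. A seeded PRNG keeps it deterministic.
_rng = random.Random(1234)
SAMPLE_PE = build_sample_pe([
    (b".text", b"the quick brown fox jumps over the lazy dog " * 100),
    (b".data", bytes(_rng.getrandbits(8) for _ in range(4096))),
])

if __name__ == "__main__":
    for name, raw in parse_sections(SAMPLE_PE):
        print(f"{name:8s} {len(raw):6d} bytes  entropy={shannon_entropy(raw):.3f}")
    print("flagged:", flag_high_entropy_sections(SAMPLE_PE))
```

Entropy alone is a triage signal, not a verdict: legitimately packed installers and embedded compressed resources also score high, so in practice the flag is combined with other features (section characteristics, import table size, unusual entry point) before anything is escalated.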