The Antivirus Hacker's Handbook (English) Paperback – 30 October 2015
Product description
From the publisher
The Antivirus Hacker's Handbook guides you through the process of reverse engineering antivirus software. You explore how to detect and exploit vulnerabilities that can be leveraged to improve future software design, protect your network, and anticipate attacks that may sneak through your antivirus' line of defense. You'll begin building your knowledge by diving into the reverse engineering process, which details how to start from a finished antivirus software program and work your way back through its development using the functions and other key elements of the software. Next, you leverage your new knowledge about software development to evade, attack, and exploit antivirus software, all of which can help you strengthen your network and protect your data.
While not all viruses are damaging, understanding how to better protect your computer against them can help you maintain the integrity of your network.
- Discover how to reverse engineer your antivirus software
- Explore methods of antivirus software evasion
- Consider different ways to attack and exploit antivirus software
- Understand the current state of the antivirus software market, and get recommendations for users and vendors who are leveraging this software
The Antivirus Hacker's Handbook is the essential reference for software reverse engineers, penetration testers, security researchers, exploit writers, antivirus vendors, and software engineers who want to understand how to leverage current antivirus software to improve future applications.
Top customer reviews
In the end it's rather a pleasant surprise: the book is accessible, properly structured, with quite a few examples and commented code.
However, it isn't worth 5 stars because:
- the examples are nonetheless relatively well known and old (although sometimes based on the author's work) and relatively simple
- in one chapter there are outright 3/4 pages of commented code... in Russian. Hooray for copy/paste.
Most helpful customer reviews on Amazon.com
The book describes all of the components of AV, from file scanning, to its update mechanism, to touching briefly on things like browser plugins. The authors have extensive knowledge of this class of products and so comments about many different AV products are sprinkled throughout.
This is an excellent practical guide to reverse engineering in general, that just happens to have AV as the common theme. It assumes some RE knowledge with IDA Pro, but beyond that everything else is free, open-source tools, with some (Diaphora and BCCF) written by Joxean. It uses every technique available to reverse products, such as investigating versions for different OSs which may have more symbols. It shows how to set up frameworks to run the AV's core scanner, which can help with not only fuzzing, but also is an important generic RE skill for using or testing a product's features.
It is a practical guide to vuln research and shows how to investigate many areas of an attack surface. The focus is on file format fuzzing (as that is the biggest attack surface of AVs) but it also discusses permission and logical issues for escalation of privileges, MiTM attacks on the updates, and evasion tactics.
My biggest concern with the book is that no versions or hashes or files being reversed are mentioned, and no download archive specific to the book appears to be available, so in time (now?) it won't be possible to play along with some of the reversing sessions and use the framework bindings. The concepts and material stand on their own, but it'd be nice to see an archive of these files appear on the Internet somewhere.
The book makes a very strong case of AVs being s*** in quality and full of vulnerabilities.
In order to prove the point the authors dig up old vulnerabilities from an entire industry covering 40 vendors and starting from 2006!
Most of the vulnerabilities listed in the book are from 2010-2013.
And then the authors claim that modern PDF readers and office software are better written and more reliable.
Come on, if one would investigate 40 different office software, for sure there would be a ton of exploitable vulnerabilities.
The book does give a well-deserved kick in the pants for vendors who have outdated security practices. All modern code should be ASLR+DEP enabled, and all permissions should be verified enough so that they are correct.
Instructions on how to bypass AV signatures are kinda outdated; producing unique binaries will make you shine like a beacon in any modern product. That being said, if you use a product without reputation cloud support you'd better enable it or switch products.
Same with behavioral bypass: sure, if you do your tests in a lab without an internet connection you can hide, but in a real environment you are painting yourself as a target.
The part on how to find vulnerabilities in AV code is up to date and valid; almost every product contains obsolete functions last touched in 2008.
Despite the inaccuracies, this book is a must-read for every AV developer and development manager. There is no excuse to repeat any mistakes listed in this book.