S**R
Excellent practical RE guide beyond AV
The book explains AV from both sides (the AV developer and the attacker), helping to explain why and how. @matalaz (Joxean) has done a lot of work attacking AV. Having @0xeb (Elias) help out, who was one of the creators of EMET, likely helps give that defender perspective. Both are former Hex-Rays (maker of IDA Pro) employees, so they are awesome reversers, and both are developers, so the code (Python) you see in the book is clean. The writing is personable and enjoyable to read, like a mentor teaching a topic they love. It reads much like "Practical Reverse Engineering" (which Elias also helped write) and is a great combination with that, so from one you learn how to reverse in general, and from this you can see specifically how to reverse a class of products and apply that knowledge to doing vuln research on them.

The book describes all of the components of AV, from file scanning, to its update mechanism, to touching briefly on things like browser plugins. The authors have extensive knowledge of this class of products, and so comments about many different AV products are sprinkled throughout.

This is an excellent practical guide to reverse engineering in general that just happens to have AV as the common theme. It assumes some RE knowledge with IDA Pro, but beyond that everything else is free, open-source tools, with some (Diaphora and BCCF) written by Joxean. It uses every technique available to reverse products, such as investigating versions for different OSs which may have more symbols. It shows how to set up frameworks to run the AV's core scanner, which can help not only with fuzzing but is also an important generic RE skill for using or testing a product's features.

It is a practical guide to vuln research and shows how to investigate many areas of an attack surface. The focus is on file format fuzzing (as that is the biggest attack surface of AVs), but it also discusses permission and logical issues for escalation of privileges, MiTM attacks on the updates, and evasion tactics.

My biggest concern with the book is that no versions, hashes or files being reversed are mentioned, and no download archive specific to the book appears to be available, so in time (now?) it won't be possible to play along with some of the reversing sessions and use the framework bindings. The concepts and material stand on their own, but it'd be nice to see an archive of these files appear on the Internet somewhere.
S**D
Great book! I'm normally not a fan of the ...
Great book! I'm normally not a fan of the Hacker's Handbook series as it's very high level, but this book does a great job digging into the inner workings of many AVs and provides several clever scripts to interact with/evade/test AVs. A must for any software developer working in the security community! I put this at the same level as Practical Malware Analysis, the Butler Rootkits book, the C K&R book and Richard's TCP/IP Illustrated! It's that good!
S**M
thank you
thank you
M**R
Five Stars
Pretty good and one of few books on the topic.
C**
Four Stars
The book is fantastic but I give it 4/5 just for the quality of paper (damp)!
A**R
This book is a mixture of BS and correct technical points.
The BS:

The book makes a very strong case for AVs being s*** in quality and full of vulnerabilities. In order to prove the point, the authors dig up old vulnerabilities from an entire industry covering 40 vendors and starting from 2006! Most of the vulnerabilities listed in the book are from 2010-2013. And then the authors claim that modern PDF readers and office software are better written and more reliable. Come on, if one were to investigate 40 different office software packages, for sure there would be a ton of exploitable vulnerabilities.

The good:

The book does give a well-deserved kick in the pants to vendors who have outdated security practices. All modern code should be ASLR+DEP enabled, and all permissions should be verified enough that they are correct.

Instructions on how to bypass AV signatures are kinda outdated; producing unique binaries will make you shine like a beacon in any modern product. That being said, if you use a product without reputation cloud support, you'd better enable it or switch products. Same with behavioral bypass: sure, if you do your tests in a lab without an internet connection you can hide, but in a real environment you are painting yourself as a target.

The part on how to find vulnerabilities in AV code is up to date and valid; almost every product contains obsolete functions last touched in 2008.

Despite the inaccuracies, this book is a must-read for every AV developer and development manager. There is no excuse to repeat any mistake listed in this book.
A**O
It's good literature for those who have an interest in the details ...
It's good literature for those who have an interest in the details and technical aspects of Anti-virus applications. Especially how to use the AV apps beyond the common things.
G**H
Good intro
Having worked in IT security for some time, I didn't really know what to expect from this book. In the end it's rather a good surprise: the book is accessible, properly structured, with quite a few examples and commented code. However, it doesn't deserve 5 stars because:
- the examples are fairly well known and old (although sometimes based on the author's own work) and relatively simple
- in one chapter there are fully 3/4 pages of commented code... in Russian. Long live copy/paste.
L**Y
Never trust an Antivirus program again.
The book is broken down into four main parts: the first part goes into the Basics of Antivirus (AV) Solutions; the second part covers AV Software Evasion; the third part covers Analysis and Exploitation Techniques of AV Solutions; the fourth and last part covers Current Trends in AV Solutions and Recommendations and possible futures in AV solutions.

Through the book's 350+ pages, different platforms are covered, such as Linux, Windows and Unix-based platforms. It covers specific weaknesses in Intel x86, AMD x86_64 and ARM processors. It includes targeting Home Users, Small to Medium-Sized Companies, Governments and Big Companies. It even analyses the Blind Trust approach people have with their chosen AV solutions. Recommendations discuss isolating machines to improve protection and auditing AV products. Even AV companies are given advice!

Throughout the book the authors give a selection of test and analysis programs to use for the AV product you are using; these are written in a wide range of languages such as Python, C/C++, JavaScript, and VBScript. It is impossible to give a complete list of what is covered in the book in a review here, but it is enough to get a 'code monkey' drooling! Despite my own 20+ years of being involved in the computer security area, I was discovering new areas.

If you have any knowledge and experience of AV solution implementation, or even if you are only curious about how AV products work and want to reassure yourself that your antivirus cover is sufficient, you must read this book. The book provides such a good insight into AV solutions that you may never have an unbroken night's sleep again! Despite that, this book is definitely a must-have for any self-respecting computer buff.
R**Y
Lots of useful information on securing your system
The Antivirus Hacker's Handbook Paperback – 30 Oct 2015

The book.
-------------
This book is about how viruses attack your computer and how antivirus software defends you against them and malware. The authors turn the reader into a hacker and show you how vulnerabilities are exploited by these people and how software can stop them. Weaknesses in antimalware and antivirus software are explained in some detail. You are taken on a journey into your own system's inner workings and shown how hacking works and how you can engineer software to find and stop attacks.

The authors.
-----------------
The two authors have years of programming experience and of reverse engineering problem systems. This book brings together their skills.

Audience.
--------------
This book is written for those who understand how software works and have the programming skills that are needed to go on the exploration of your own system. Even with a basic understanding the book is easy to follow in most parts. Students of software engineering, system security or the competent home user will love this book and what it teaches.

Looking at your own system.
--------------------------------------
It is clear that antivirus software is fine, but hackers are constantly looking for ways around it. The book shows how this is done and what you can do about it.

Companion website.
---------------------------
There is a linked website to the book that further explains issues raised in the text and offers source code used in the book.

Overall.
-----------
Aimed at the technically minded but a very good resource on how systems are exploited and what you can do about it. Definitely a technical read but a mine of information linked to a very useful website. I enjoyed this book and got a lot from it.
K**O
An extremely useful book, however, one for the technically minded...
Even in my fifties I'm considered to be quite bright, if left behind a little by modern life; however, this left me almost completely behind. What it did fill me with was dread, inasmuch as the Anti-Virus protection I thought I had is about as much use as a chocolate teapot in a sauna. My grandson, when he saw this on my desk as he was doing his usual thorough search for something he can read when he was with us over the weekend, pointed out that his dad (my son) "has a copy of that" - he works in IT and used to code for one of the big AV companies and still keeps up with current trends in reverse engineering. I did get my head around a number of the concepts and understood the principles; however, I'd not be able to do much in practical terms, as the information the book contains is way beyond my capabilities to implement. Not so my son. He really rates this book, which is why he bought a copy when it first came out, stating that the book essentially details the type of work he used to do and still does in a limited capacity. Essentially this is what AV companies do to test systems when they look for vulnerabilities and the reason why you should maintain your AV. There are people out there who will always try to get into your system to hijack information (personal or otherwise), and AV is ultimately reactive when threats are identified. For those who are very technically minded and want to tighten up their security this is a very good starting point, as it gets you into the mindset of someone who wants to attack your system by identifying existing vulnerabilities that may facilitate that attack, and gives you the tools to close those avenues off. Too technical for me, but for someone (like my son) who is computer literate I can see this being an extremely useful reference text. I've scored it five stars on the recommendation of my son, who already had a copy and really rates it.