Tags: antivirus, bypass, encoder, evasion, hacking, metasploit, meterpreter, payload, pentest, security
Antivirus Sandbox Evasion (part2) – Slides
by foip on June 29th, 2012
Hello,
Here is the PowerPoint presentation explaining the sandbox evasion technique used in part 1 of this story (see Antivirus Sandbox Evasion (part 1)).
Enjoy,
© 2012, foip. All rights reserved.
Categories: Hacking, Metasploit
5 Comments
Fun and good presentation!
Great sharing!!! Thanks so much.
Great presentation!
I’ve tried an implementation based on your ideas, but in my case Avira’s sandbox is always triggered because the signature is missing and the reputation is too low.
My exe checks if TCP port 445 is reachable; if not, it doesn’t execute the payload.
After about 15s the sandbox terminates the program without a threat warning, but I have to manually add my exe to the exception list, otherwise on the next run the situation is the same.
Any suggestions? :-)
TIA
You got a mail ;)
Great Article! Pretty amazing :)
Could you just explain to me the following code line in your home-made encoder:
(*(void (*)()) (void*)lpAlloc)();
This is to run the code stored in the allocated memory, I presume, but in detail I’m a little bit lost with all these brackets… :)
I’m not an expert in C and I’d like to understand.
Thanks
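To unpack the line asked about above, here is an added C example that is not part of the original post or of foip's encoder. It performs the exact same cast-and-call as `(*(void (*)()) (void*)lpAlloc)();`, but the `void*` holds the address of a harmless local function rather than an allocated buffer, so only the syntax is being illustrated. The name `lpAlloc` is kept from the question; the typedef `entry_fn`, the function `say_hello` and the counter `g_calls` are assumptions introduced for this example.

```c
#include <stdio.h>

/* Counter bumped by the target function so a caller can verify it really ran. */
static int g_calls = 0;

/* A harmless function with the signature the cast expects: no arguments, returns void.
 * In the encoder, the bytes at lpAlloc are assumed to have this same calling shape. */
static void say_hello(void)
{
    g_calls++;
}

/* Readable equivalent of the one-liner: name the pointer type first, then cast, then call. */
typedef void (*entry_fn)(void);

/* Runs the address stored in a void* three ways and returns how many times the
 * function executed (expected: 3). Converting between void* and a function pointer
 * is not guaranteed by ISO C, but POSIX requires it to work (assumption noted). */
int call_through_void_pointer(void)
{
    g_calls = 0;

    /* Step 1: a generic pointer, exactly like lpAlloc in the encoder (here it points
     * at say_hello instead of at freshly allocated memory). */
    void *lpAlloc = (void *)say_hello;

    /* Step 2, verbose form:
     *   (entry_fn)lpAlloc   - reinterpret the void* as "pointer to function returning void"
     *   fn();               - call through that pointer */
    entry_fn fn = (entry_fn)lpAlloc;
    fn();

    /* Step 3, the original spelled out from the inside out:
     *   (void*)lpAlloc           - lpAlloc, cast to void* (redundant, it already is one)
     *   (void (*)())  ...        - cast that to "pointer to function taking unspecified
     *                              arguments and returning void"; the (*) with nothing
     *                              after the asterisk is what makes it a pointer type
     *   *( ... )                 - dereference the pointer to get the function itself
     *   ( ... )()                - call it with no arguments */
    (*(void (*)()) (void*)lpAlloc)();

    /* Step 4: the explicit dereference is optional in C; a function pointer can be
     * called directly, so this is the same thing with one pair of parentheses fewer. */
    ((void (*)())lpAlloc)();

    return g_calls;
}

int main(void)
{
    printf("function ran %d times\n", call_through_void_pointer());
    return 0;
}
```

The three calls are identical in effect; the original one-liner simply folds the typedef, the cast and the call into a single expression, which is why the brackets pile up.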