
Security Assessment Oriented Anti Anti-Virus Technology Research

Posted on: 2019-11-24
Degree: Master
Type: Thesis
Country: China
Candidate: J X Hu
Full Text: PDF
GTID: 2428330590967466
Subject: Information and Communication Engineering
Abstract/Summary:
Security assessment is used to conduct a comprehensive assessment of the information systems inside an enterprise. Recently, intrusions into large organizations such as enterprises have increased substantially. Security assessments can be used to simulate intrusion behavior. The principal can find and reinforce the vulnerabilities of the information systems inside the enterprise based on the results of the security assessment. In order to simulate real-world intrusions, the malicious samples used in a security assessment should bypass defense systems such as anti-virus software. In this paper, through reverse engineering and in-depth study of anti-virus software, three kinds of anti anti-virus technology are proposed. An anti anti-virus helper and penetration test code delivery platform is designed based on the proposed technology. This article presents obfuscation, whitelist program, and sandbox bypass technology. Cryptography and NP-complete problems are used to design the obfuscation code. Whitelist programs can be discovered by analyzing Windows API call chains. Based on the inherent limitations of sandbox technology, a stable technique to bypass the sandbox is proposed. The tools implemented in this article have the following features. First, a more comprehensive anti anti-virus technology is used. Second, common technology is used, which is effective for different programming languages. Last, test results show that the detection rate decreases substantially when the proposed technology is used. According to the test results, the penetration test code used in the delivery platform also bypasses NOD32, Kaspersky, and Symantec. Therefore, the technology proposed in this article can achieve the desired effect.
Keywords/Search Tags:security assessment, anti anti-virus, code obfuscation, sandbox bypass technology