Introduction to AV

Understand how antivirus software works and what detection techniques are used to bypass malicious file checks.

Task 1: Introduction

Q1: Let’s get started!

Ans1: No answer needed

Task 2: Antivirus Software

Q1: What does AV mean?

Ans1: Antivirus

Q2: Which PC Antivirus vendor implemented the first AV software on the market?

Ans2: McAfee

Q3: Antivirus software is a _____-based security solution.

Ans3: Host

Task 3: Antivirus Features

Q1: Which AV feature analyzes malware in a safe and isolated environment?

Ans1: Emulator

Q2: An _______ feature is a process of restoring or decrypting the compressed executable files to the original.

Ans2: unpacker

Q3: Read the above to proceed to the next task, where we discuss the AV detection techniques.

Ans3: No answer needed

Task 4: Deploy the VM

Q1: Once you’ve deployed the VM, it will take a few minutes to boot up. Then, progress to the next task!

Ans1: No answer needed

Task 5: AV Static Detection

Q1: What is the sigtool tool output to generate an MD5 of the AV-Check.exe binary?

Ans1: f4a974b0cf25dca7fbce8701b7ab3a88:6144:AV-Check.exe

Q2: Use the strings tool to list all human-readable strings of the AV-Check binary. What is the flag?

Ans2: THM{Y0uC4nC-5tr16s}

Task 6: Other Detection Techniques

Q1: Which detection method is used to analyze malicious software inside virtual environments?

Ans1: Dynamic Detection

Task 7: AV Testing and Fingerprinting

Q1: For the C# AV fingerprint, try to rewrite the code in a different language, such as Python, and check whether VirusTotal flags it as malicious.

Ans1: No answer needed

Q2: Read the Above!

Ans2: No answer needed

Task 8: Conclusion

Q1: Congrats on completing the room, and keep learning!

Ans1: No answer needed