Breaking AV Software

Explore the vulnerabilities and security issues in antivirus software through this 58-minute conference talk presented by Joxean Koret at the 44CON Information Security Conference. Delve into the often-overlooked aspects of AV software security, from home systems to corporate and government servers. Discover techniques for vulnerability discovery and remote exploitation of AV software, with detailed examples of vulnerabilities in popular antivirus engines. Learn about attack surfaces, fuzzing statistics, and exploitation methods for various AV products including Forticlient, Kaspersky, Comodo, BitDefender, and DrWeb. Gain insights into decompression bombs, security-enhanced software, and remote root vulnerabilities. Conclude with valuable recommendations for AV companies to improve their product security, aiming to raise awareness among both users and vendors about the critical importance of securing antivirus solutions.

Intro
Breaking antivirus software
Attack surface
Attacking antivirus engines
Vulnerabilities in AV engines
Fuzzing statistics
Exploiting AV engines (more tips)
Exploiting AV engines: Summary
Forticlient
Kaspersky
Comodo Antivirus
Notes about decompression bombs
BitDefender engine
BitDefender bugs
BitDefender notes
Comodo example vulnerability
Comodo Bugs
Security enhanced software
DrWeb antivirus
DrWeb updating protocol vulnerability
eScan for Linux remote root
Conclusions
Recommendations for AV companies