Breaking AV Software
Offered By: 44CON Information Security Conference via YouTube
Course Description
Overview
Explore the vulnerabilities and security issues in antivirus software through this 58-minute conference talk presented by Joxean Koret at the 44CON Information Security Conference. Delve into the often-overlooked aspects of AV software security, from home systems to corporate and government servers. Discover techniques for vulnerability discovery and remote exploitation of AV software, with detailed examples of vulnerabilities in popular antivirus engines. Learn about attack surfaces, fuzzing statistics, and exploitation methods for various AV products including Forticlient, Kaspersky, Comodo, BitDefender, and DrWeb. Gain insights into decompression bombs, security-enhanced software, and remote root vulnerabilities. Conclude with valuable recommendations for AV companies to improve their product security, aiming to raise awareness among both users and vendors about the critical importance of securing antivirus solutions.
Syllabus
Intro
Breaking antivirus software
Attack surface
Attacking antivirus engines
Vulnerabilities in AV engines
Fuzzing statistics
Exploiting AV engines (more tips)
Exploiting AV engines: Summary
Forticlient
Kaspersky
Comodo Antivirus
Notes about decompression bombs
BitDefender engine
BitDefender bugs
BitDefender notes
Comodo example vulnerability
Comodo Bugs
Security enhanced software
DrWeb antivirus
DrWeb updating protocol vulnerability
eScan for Linux remote root
Conclusions
Recommendations for AV companies
Taught by
44CON Information Security Conference
Related Courses
Information Security - 5 - Secure Systems Engineering (Indian Institute of Technology Madras via Swayam)
Reverse Engineering and Exploit Development (Udemy)
Master the OWASP Top 10 (LinkedIn Learning)
CASP+ Cert Prep: 2 Enterprise Security Architecture (LinkedIn Learning)
Learning the OWASP Top 10 (2018) (LinkedIn Learning)