(EN) How to fool antivirus software?

Remedial courses for CIA and other state agencies…

From recent times, more and more leaks inform us how national agencies work to bypass antivirus securities for surveillance activities. Press write about sophistication of attacks, tricks used, zero-day employed, etc… This cyber weaponry has never been so sophisticated for some analysis… However, what is known is far to be really novel or definitely efficient, not to mention sophisticated...

This talk aims to propose elegant solutions to bypass, delude or remove securities installed on Windows OS by security software. From simplest technics to trickiest and from user-mode (admin or simple user) to kernel mode with the used of undocumented structures or just legal API. Tested on real antivirus, with live demos (only one rule: not seen not caught), most of the technics presented here works for every security products since they are all designed in the same way from critical functionalities.

If you have ever dreamed about going over to the dark side, to inject malware into system, plan to stay here for a long time because it is cool, being involved in a real operational context or just to make fun by trolling about antivirus software vendors, here we are. Bypassing antivirus software is an easy sport not only practiced by governments. Hacker community does it better from a while. The facts stand, if antiviruses are necessary, they are not sufficient and IT professionals take in into account. It is time to bring things up.

About Baptiste DAVID @Hackerzvoice

DAVID Baptiste is a PhD student at the (C+V)^O laboratory in ESIEA. His research is mainly focused on malware analysis, security under windows operating system, kernel development and vulnerabilities. Sometime math, physic or anything cool from that stuff to enhance everyday life. He has worked on the DAVFI antivirus project. He although like good food and good vine (we never change), but he is okay if you offer him beers.
He has already made several conferences included: iAwacs, Cocon, Ground zero summit, EICAR, ECCWS, Defcon.