1
00:00:00,750 --> 00:00:09,180
Hello and welcome to a new session. This new session is called Antivirus Evasion, and this lecture

2
00:00:09,180 --> 00:00:10,860
is about an overview.

3
00:00:11,310 --> 00:00:15,450
How to develop Trojans that can evade antivirus.

4
00:00:18,690 --> 00:00:27,050
Problems of antivirus for malware developers: VirusTotal or any online scanner will have a copy of

5
00:00:27,050 --> 00:00:30,740
your sample and may eventually tag it as malicious.

6
00:00:31,650 --> 00:00:37,740
So do not upload samples to VirusTotal or any online platforms

7
00:00:38,190 --> 00:00:39,480
that provide scanning.

8
00:00:40,320 --> 00:00:45,510
They will have a copy of your sample and eventually tag it as malicious.

9
00:00:47,930 --> 00:00:53,280
The solution: Windows Defender or a locally installed antivirus?

10
00:00:53,700 --> 00:01:03,750
They quarantine the sample, and this is also not a solution, because once your Windows Defender or your

11
00:01:03,750 --> 00:01:11,550
locally installed antivirus tags your Trojan as malware, they will quarantine it

12
00:01:12,120 --> 00:01:18,240
and you will have a difficult time trying to develop on your system.

13
00:01:19,500 --> 00:01:21,210
So what is the solution?

14
00:01:23,130 --> 00:01:24,900
The solution is to use YARA.

15
00:01:25,890 --> 00:01:30,420
YARA is the pattern matching Swiss army knife for malware researchers.

16
00:01:33,320 --> 00:01:34,430
This is YARA.

17
00:01:34,940 --> 00:01:42,530
You can download it from this link here, and also download the YARA rules, which are required by YARA,

18
00:01:43,220 --> 00:01:46,310
from this link here. In the next section,

19
00:01:46,430 --> 00:01:54,170
we show you how to do that: how to download YARA, and also how to download the rules, and also how

20
00:01:54,170 --> 00:01:56,270
to get started using YARA.

21
00:01:57,050 --> 00:02:04,940
So YARA is a kind of antivirus scanner that can scan malware based on pattern matching.
22
00:02:08,110 --> 00:02:11,800
In the Trojan development lifecycle, where does YARA come in?

23
00:02:13,380 --> 00:02:17,730
First step is to develop a Trojan, and then we will need to scan.

24
00:02:19,170 --> 00:02:26,250
So in this case, we will use YARA. The scanning with YARA is based on this database,

25
00:02:26,910 --> 00:02:34,770
these rules that you download, and then if it detects it, you try to find out from the report. It will

26
00:02:34,770 --> 00:02:40,140
tell you what was the pattern that matched the Trojan.

27
00:02:41,190 --> 00:02:45,600
And based on that report, you will make modifications.

28
00:02:46,140 --> 00:02:50,670
So you will modify your code in order to defeat the rules.

29
00:02:52,210 --> 00:02:55,270
Then you can again see the result.

30
00:02:55,810 --> 00:02:57,640
So you keep repeating this.

31
00:02:58,300 --> 00:02:59,860
This is an iterative

32
00:03:00,280 --> 00:03:00,670
loop.

33
00:03:01,330 --> 00:03:05,560
You keep repeating this cycle until YARA cannot detect you,

34
00:03:06,160 --> 00:03:15,010
cannot find anything that is able to detect or tag your Trojan as a malicious application.

35
00:03:15,940 --> 00:03:20,770
So this is simply the development cycle we should be adopting.

36
00:03:21,190 --> 00:03:29,230
In that sense, antivirus evasion techniques, also known as anti-AV techniques.

37
00:03:30,540 --> 00:03:37,050
Three common ways we can use in order to keep the antivirus from finding us. First way:

38
00:03:37,800 --> 00:03:41,030
we try to hide the function calls.

39
00:03:41,880 --> 00:03:46,410
We try to hide the API names we are using in the Trojan.

40
00:03:46,410 --> 00:03:51,450
Because antivirus scanners also look at the imports,

41
00:03:52,110 --> 00:03:54,140
what kind of functions or APIs

42
00:03:54,600 --> 00:03:58,140
that particular application is using.

43
00:03:59,160 --> 00:04:08,070
Second is encryption of string parameters: string parameters, parameters to function calls.
44
00:04:08,640 --> 00:04:16,230
Some parameters can also be tagged as malicious based on the occurrence of them,

45
00:04:16,260 --> 00:04:18,330
how many of them are occurring together,

46
00:04:19,500 --> 00:04:24,660
or the combination of parameters. Then, the shellcode.

47
00:04:25,080 --> 00:04:30,720
So the shellcode itself could be a recognizable pattern, which is in a database.

48
00:04:30,760 --> 00:04:36,570
We know the rules for the antivirus. Third is the encoding of string parameters

49
00:04:37,290 --> 00:04:38,190
and payloads.

50
00:04:38,790 --> 00:04:45,420
So these are two, three common ways which we can use to evade antivirus.

51
00:04:47,380 --> 00:04:48,430
Thank you for watching.

52
00:04:48,940 --> 00:04:50,980
I'll see you in the next one.