From the course: Ethical Hacking: Evading IDS, Firewalls, and Honeypots
Custom packaging of software
- [Instructor] A packer is a tool which creates a malware image using various techniques, such as compression, masking with an XOR, encryption, and other obfuscations. Packers may also include special code to check for sandboxing and, if found, take action to defeat analysis, such as deleting files and terminating. The malware which has been created is then loaded by some form of stub code, which unpacks it in memory. While this protects the malware code, the stub code can be used to fingerprint malware, even down to specific malware campaigns. One way to defeat stub code detection is to use a custom packer. This means that a specific attack has its own unique fingerprint and so can't be detected from having found an earlier attack. An example of this is the Andromeda Gamarue Custom Packer described in this analysis by Morphisec. These forms of packers are often a challenge for automated sandbox detectors.
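The two detection ideas the instructor contrasts, fingerprinting the unpacking stub versus spotting the packed body itself, can be seen side by side in a small analysis script. The following is an added example written for this page, not code from the course or from Morphisec's analysis: the stub "signature", the sample blobs and the entropy threshold are all constructed for illustration, and the signature bytes are hypothetical rather than a real malware pattern. It shows why a stub signature gives a precise, campaign-specific hit but stops matching as soon as the stub is customised, while a byte-entropy scan still flags the compressed or XOR-masked body either way.

```python
"""Toy packed-content detector: stub fingerprinting plus entropy scanning.

Added illustration for the lecture on custom packers; samples and the stub
signature below are constructed, not taken from real malware.
"""
import math
from collections import Counter
from typing import Dict, List, Tuple


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0).

    Plain code and text sit well below 6; compressed, encrypted or XOR-masked
    bodies trend toward 8, which is why entropy is a first-pass packing hint.
    """
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_windows(data: bytes, window: int = 256,
                         threshold: float = 7.0) -> List[Tuple[int, float]]:
    """Offsets (and entropy) of fixed-size windows above the threshold.

    Scanning in windows locates a packed body embedded in an otherwise
    ordinary file, which a single whole-file entropy value can average away.
    Only full windows are scored; a trailing partial window is ignored.
    """
    hits: List[Tuple[int, float]] = []
    for off in range(0, len(data) - window + 1, window):
        e = shannon_entropy(data[off:off + window])
        if e > threshold:
            hits.append((off, round(e, 3)))
    return hits


# Constructed stub fingerprint: a byte sequence an analyst might tie to one
# unpacking stub. The value is hypothetical, not a real signature.
STUB_SIGNATURES: Dict[str, bytes] = {
    "hypothetical-xor-stub-A": bytes.fromhex("8a 04 34 32 06 88 04 46 4f 75 f5"),
}


def match_stubs(data: bytes) -> List[str]:
    """Names of known stub fingerprints found anywhere in the blob."""
    return [name for name, sig in STUB_SIGNATURES.items() if sig in data]


def classify(data: bytes) -> Dict[str, object]:
    """Combine stub fingerprinting with the entropy heuristic.

    A known stub gives a confident, campaign-specific hit; the entropy scan
    still fires when the stub has been customised, which is exactly the gap
    a custom packer opens in signature-only detection.
    """
    stubs = match_stubs(data)
    hot = high_entropy_windows(data)
    return {
        "entropy": round(shannon_entropy(data), 3),
        "stub_hits": stubs,
        "hot_windows": hot,
        "packed_suspected": bool(stubs) or bool(hot),
    }


# Constructed samples (not real binaries): a 256-byte low-entropy header, a
# short stub, then a 1024-byte body of uniformly distributed bytes, which is
# what a compressed or XOR-masked payload looks like to an entropy scan.
PLAIN_HEADER = b"MZ" + b"\x00" * 254
PACKED_BODY = bytes(range(256)) * 4
SAMPLE_KNOWN_STUB = PLAIN_HEADER + STUB_SIGNATURES["hypothetical-xor-stub-A"] + PACKED_BODY
SAMPLE_CUSTOM_STUB = PLAIN_HEADER + bytes.fromhex("90 90 31 c0 31 db eb 02") + PACKED_BODY
SAMPLE_BENIGN = PLAIN_HEADER + b"plain text configuration, nothing packed here. " * 20

if __name__ == "__main__":
    for label, blob in [("known stub", SAMPLE_KNOWN_STUB),
                        ("custom stub", SAMPLE_CUSTOM_STUB),
                        ("benign", SAMPLE_BENIGN)]:
        print(label, classify(blob))
```

Running it shows the known-stub sample matched both ways, the custom-stub sample flagged only by the four high-entropy windows, and the benign sample clear on both. In practice the threshold and window size need tuning against a corpus of legitimate files, since compressed resources and embedded certificates also score high, and an entropy hit is a reason to run the sample in a sandbox or unpack it manually, not a verdict on its own.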