Breaking AV Software

44CON Information Security Conference via YouTube

Overview

Explore the vulnerabilities and security issues in antivirus software through this 58-minute conference talk presented by Joxean Koret at the 44CON Information Security Conference. Delve into the often-overlooked aspects of AV software security, from home systems to corporate and government servers. Discover techniques for vulnerability discovery and remote exploitation of AV software, with detailed examples of vulnerabilities in popular antivirus engines. Learn about attack surfaces, fuzzing statistics, and exploitation methods for various AV products including Forticlient, Kaspersky, Comodo, BitDefender, and DrWeb. Gain insights into decompression bombs, security-enhanced software, and remote root vulnerabilities. Conclude with valuable recommendations for AV companies to improve their product security, aiming to raise awareness among both users and vendors about the critical importance of securing antivirus solutions.

Syllabus

Intro
Breaking antivirus software
Attack surface
Attacking antivirus engines
Vulnerabilities in AV engines
Fuzzing statistics
Exploiting AV engines (more tips)
Exploiting AV engines: Summary
Forticlient
Kaspersky
Comodo Antivirus
Notes about decompression bombs
BitDefender engine
BitDefender bugs
BitDefender notes
Comodo example vulnerability
Comodo Bugs
Security enhanced software
DrWeb antivirus
DrWeb updating protocol vulnerability
eScan for Linux remote root
Conclusions
Recommendations for AV companies

Taught by

44CON Information Security Conference
