Spelling suggestions: "subject:"AV dfficiency"" "subject:"AV cfficiency""
1 |
Antivirus performance in detecting Metasploit payloads : A Case Study on Anti-Virus EffectivenessNyberg, Eric, Dinis Ferreira, Leandro January 2023 (has links)
This paper will focus solely on the effectiveness of AV (antivirus) in detecting Metasploit payloads which have been encapsulated with different encapsulation modules. There seems to be a significant knowledge gap in the evaluation of commercial antivirus's software and their ability to detect malicious code and stop such code from being executed on IT systems. Therefore we would like to evaluate the capabilities of modern AV software with the use of penetration testing tools such as Metasploit. The research process is heavily reliant on a case study methodology as it can be argued that each payload generated reflects a case in itself. Firstly the payloads are generated and encapsulated through the self developed software, secondly they are uploaded to VirusTotal to be scanned with the use of their publicly available API, third the results are obtained from VirusTotal and stored locally. Lastly the results are filtered through with the software which in turn generates graphs of the results. These results will provide sufficient data in comparing encapsulation methods, payload detection rates, draw conclusions regarding which operating system may be most vulnerable as well as the overall state of modern AV software's capabilities in detecting malicious payloads. There are plenty of noteworthy conclusions to be drawn from the results, one of them being the most efficient encapsulation method powershell_base64 which had amongst the lowest detection rates in regards to the amounts of payloads it encoded, meaning that its encapsulation hid the malicious code from the AV at a higher degree than most the other encapsulation modules. The most noteworthy conclusion from the results gathered however is the encapsulation methods which obtained the absolute lowest detection rates, these were x86_nonalpha, x86_shikata_ga_nai, x86_xor_dynamic as well as payloads without any encoding at all, which had a few payloads reach among the lowest detection rates across the board (<20%).
|
Page generated in 0.0291 seconds