  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
11

Antivirus performance in detecting Metasploit payloads : A Case Study on Anti-Virus Effectiveness

Nyberg, Eric, Dinis Ferreira, Leandro January 2023
This paper will focus solely on the effectiveness of AV (antivirus) in detecting Metasploit payloads which have been encapsulated with different encapsulation modules. There seems to be a significant knowledge gap in the evaluation of commercial antivirus software and its ability to detect malicious code and stop such code from being executed on IT systems. Therefore, we would like to evaluate the capabilities of modern AV software with the use of penetration testing tools such as Metasploit. The research process is heavily reliant on a case study methodology, as it can be argued that each payload generated reflects a case in itself. Firstly, the payloads are generated and encapsulated through the self-developed software; secondly, they are uploaded to VirusTotal to be scanned with the use of their publicly available API; thirdly, the results are obtained from VirusTotal and stored locally. Lastly, the results are filtered with the software, which in turn generates graphs of the results. These results will provide sufficient data for comparing encapsulation methods and payload detection rates, and for drawing conclusions regarding which operating system may be most vulnerable as well as the overall state of modern AV software's capabilities in detecting malicious payloads. There are plenty of noteworthy conclusions to be drawn from the results, one of them being the most efficient encapsulation method, powershell_base64, which had amongst the lowest detection rates in regard to the number of payloads it encoded, meaning that its encapsulation hid the malicious code from the AV to a higher degree than most of the other encapsulation modules. The most noteworthy conclusion from the results gathered, however, is the encapsulation methods which obtained the absolute lowest detection rates; these were x86_nonalpha, x86_shikata_ga_nai, x86_xor_dynamic as well as payloads without any encoding at all, which had a few payloads reach among the lowest detection rates across the board (<20%).
12

Evaluating the Necessity of Third-Party Antivirus Software

Baker, Erik January 2018
Some may assume that it is essential to purchase and install antivirus software to protect the underlying layers of an IT infrastructure. However, nowadays the Windows 10 operating system is shipped with a built-in antivirus feature by default. With Microsoft being a large contender in the antivirus market, it raises the question of whether it is necessary to use third-party antivirus software in a Windows 10 environment. The aim of this research is to determine the necessity of third-party antivirus software by examining the detection capabilities and measuring the performance impact caused by third-party antivirus software, in comparison with the antivirus service that is integrated with the Windows 10 operating system. This was done by measuring the response time of certain user activities to determine how the user experience is affected differently by using third-party antivirus software. In addition to the effect on performance, the documentation of the tested products was studied to determine if there is value in using non-integrated antivirus software. The results of the performance benchmarks showed that overall there was a significant performance increase when using third-party antivirus. Additionally, the study showed that some third-party antivirus software offers more ways to detect malicious activities than Windows Defender Antivirus. These two facts put together suggest that using third-party antivirus software in a Windows 10 environment is necessary if there is a desire to increase the efficiency of performing certain user activities and if there is a desire to have more detection capabilities available.
13

Aktyvaus procesų stebėjimo kompiuteryje programinės įrangos kūrimas ir tyrimas / Desktop security software design and research

Jusas, Simonas 16 August 2007
This work begins with an analysis of the threats that computers currently face. The types of malicious software are examined and their activities analyzed. Then the most popular tools for fighting malicious software, antivirus programs, are presented. Although antivirus programs are highly effective at solving these problems, their approach to the problem has not changed for many years. Perhaps these problems can be solved differently, and no less effectively? This question prompted the proposition that, by replacing virus lists with a list of good processes, computer security could be ensured just as successfully. Based on the main principles of antivirus architecture, software for active process monitoring was designed and built. Replacing the virus list with a list of good processes changed the characteristics of the software: there is no need to store long lists, because there are several hundred times fewer good processes, and there is no need to scan the computer constantly, only when a new process starts. These ideas save computer resources, which can be used for other activity. Without doubt, the product created cannot yet compete with antivirus software, but the ideas presented in the work should not be forgotten; their further development may evolve into a very successful and powerful computer protection tool. / In this paper computer security issues are considered. The malware types and principles of activity are presented. There is also an overview of antivirus technology. The main idea of this paper is that observation of active computer processes and whitelisting should improve computer security. The principles of antivirus architecture were adapted to actively observe computer processes and let only good ones run. The program's needs for computer resources were investigated in the experimental part, and the results are very promising. However, it wasn't much better than antivirus software and still needs a lot of research; it may be the technology of the future.
14

Computer virus : design and detection

Arding, Petter, Hedelin, Hugo January 2014
Computer viruses use a few different techniques, with various intentions, to infect files. However, what most of them have in common is that they want to avoid detection by anti-malware software. To not get detected and stay unnoticed, virus creators have developed several methods for this. Anti-malware software is constantly trying to counter these methods of virus infection with its own detection techniques. In this paper we have analyzed the different types of viruses and their infection techniques, and tried to determine which works best to avoid detection. In the experiments we have done, we have simulated executing the viruses at the same time as anti-malware software was running. Our conclusion is that metamorphic viruses use the best methods to stay unnoticed by anti-malware software's detection techniques.
15

Étude du mécanisme moléculaire de résistance antivirale du cytomégalovirus humain et des mutations de l’ADN polymérase UL54 qui lui sont associées / Study of the molecular mechanism of antiviral resistance of human cytomegalovirus and of the associated UL54 DNA polymerase mutations

Allaire, Andréa January 2017
Human cytomegalovirus (HCMV), a member of the Herpesviridae family, causes latent infections in more than half (60%) of the population in developed countries. This proportion can reach the entire (100%) population in developing countries. Primary infection in the developing fetus or in the newborn, as well as reactivation in immunocompromised individuals, are associated with numerous cases of morbidity and mortality. Congenital infection is the most important HCMV infection and generates an economic cost of more than 2 billion US dollars each year. No vaccine has been approved to date for the prevention of HCMV infection. However, antivirals are available for the treatment of this infection. Among these are three types of analogues: a nucleoside analogue (ganciclovir), a nucleoside monophosphate analogue (cidofovir) and an inorganic pyrophosphate analogue (foscarnet). These antivirals all share the viral DNA polymerase as their common target. However, many strains resistant to these antivirals are found in some infected individuals. These resistant strains carry numerous mutations in the viral gene that encodes the cytomegalovirus UL54 DNA polymerase. So far in the literature, only the association between the mutations and antiviral resistance has been proposed. The work presented in this thesis aims to better understand the effect of the mutations on the binding of antivirals to the polymerase and thus eventually elucidate the molecular mechanism of antiviral resistance in this pathogen. This research determined that the mutations associated with antiviral resistance affect the optimal binding of deoxynucleotides (dNTPs) and block the binding of the antiviral (foscarnet) to the viral UL54 DNA polymerase. However, these mutations do not affect the binding of single-stranded DNA to it. Moreover, according to the study presented here, the mutations do not affect the overall folding of the viral DNA polymerase. The molecular resistance mechanism therefore appears to have a very local impact on the protein. Little information on the structure of this viral polymerase is available to date in the literature. It would therefore be relevant to elucidate the crystallographic structure of this polymerase in order eventually to study the structural effect of the mutations on the polymerase and thus elucidate the molecular mechanism or mechanisms of antiviral resistance.
16

Proxy firewall / Proxy firewall

Kugler, Zdeněk January 2009
This diploma thesis deals with the topic of proxy servers and firewalls and considers other associated technologies and network techniques. It systematically describes the general issues of firewalls, with a special focus on proxy firewalls and their safety. Additional systems mentioned in this document are intrusion detection systems (IDS), antivirus systems and content control filters – as these are also connected with safety of networks, servers and workstations or with limiting various Internet sources. IDS systems can be typically supplemented with various additional applications or tools that enrich them and increase their potential – including graphic additions. This part is remembered too. Some systems can communicate with each other, which is successfully utilised (FW & IDS co-operation, for example). The purpose of the first large chapter is to present firewall technologies, to list firewall types, their basic functionality and to present the final comparison. It marginally mentions firewall applications in practice. Chapter two explains the theory of network address translation (NAT), deals with its functionality, safety and with limiting the NAT mechanism. Chapter three brings a comprehensive presentation of proxy servers. It explains their principle from the point of view of functionality and the specification of application areas. The chapter is complete with a clear list of proxy server types and their descriptions. The last chapter named Linux Proxy Firewall is the key part of the work. It deals generally with the Linux platform, the Debian GNU/Linux distribution, principles of safety policy, network configuration, network server safety, Linux firewalls (Netfilter framework, Iptables tool) and with the Squid proxy server. The following subchapters respect the previous structure: they describe the theories of intrusion detection systems, antivirus checks and content filtering based on different methods. 
All this is presented similarly to the previous chapters. A proxy firewall solution built on the Linux operating system has been proposed in the practical part. The Debian GNU/Linux distribution has been chosen, being very suitable for server use due to its features. This environment is also used for additional safety software contained in the proxy firewall: antivirus protection, content filtering and an intrusion detection system. The priority is the most comprehensive computer network security, which requires detection abilities with the broadest possible coverage in the area of network safety. The purpose of this diploma thesis is not only to describe the principle of operation of proxy servers and to compare them with other types and other systems, but it also brings my own proposed free solution, which increases network safety and has the ambition of comparing it with clearly commercial products available on the market.
17

Antivirová ochrana počítače z bootovacího úložiště / Antivirus protection of a computer from a boot repository

Mlejnek, Jiří January 2012
The theme of the thesis is the design method of anti-virus protection with the use of an alternative boot store. Processed is a related issue of viruses and the possibility of defenses against them. This thesis is focused on the design and selection of components solutions enabling the execution of antivirus test from the undistorted by the operating system. With selected components continues to realize an alternative booting the operating system from a Windows platform computer network with automatic virus checking of all local disks. The results of inspection are transmitted using signed files on a network server and typically give an overview of the results of the individual tests.
18

Mail-Filter-Funktionen / Mail filter functions

Leuschner, Jens 27 February 2002
This student research project examines which solutions currently exist for filtering email with unwanted harmful functions on mail servers. Both open and proprietary solutions are considered, and the current constraints at TU Chemnitz are taken into account.
19

Live antivirusprogram i PHP : Med fokus inom CMS-verktyg och plugins / Live antivirus software in PHP : Focusing on CMS-verktyg and plugins

Huynh, Henry January 2020
The purpose of this work is to investigate how the performance of WordPress is affected when plugins are installed with a live antivirus program running in the background. The live antivirus program searches the code of the web page for the security risk base64. The security risks are then shown in detail in a list giving the path and the file that has been infected. In addition, a timer is used to calculate the start and end time for each response-time measurement. The result of the experiment shows that the live antivirus program does not have much impact on performance, since the plugins are the reason the response times differ.
20

Patterns of malware and digital attacks : A guideline for the security enthusiast / Patterns of malware and digital attacks : A guideline for the security enthusiast

Güven, Wolf January 2018
Context: In today’s era, many things are dependent on the internet, thus the devices and applications that are using it proliferate. Every day, many devices are getting targeted by malevolent virus authors. To protect the data from malicious factors becomes a preposterous dispute. A ransomware named CryptoLocker has caused many individuals, hospitals, and institutions thousands if not millions of dollars in damage due to encrypting the computer files thus demanding a ransom in return. Once the ransomware strikes a system, the recoverability is almost non-existent if no backup or system restore is present due to the private key which was used to encrypt files is encrypted and sent to the attacker’s database. Without the key, there is no recovery for restoring files. Objective: Exploratory research is conducted to reveal unique methods ransomware and keylogger may use to strike a system. The goal is to disclose protection policies of the Windows systems for the security enthusiasts and computer users. Three main objectives are present; how viruses hide in a system without servicing any rootkits to hide the malware, how ransomware and keylogger can be used together to deliver damage, and how to covert CPU usage of the ransomware during the encryption routine. Method: To answer the questions and exploit new features, ransomware, keylogger and a trojan horse are built. Original CryptoLocker architecture has been analyzed, and some methods have been derived. The final application is running on the Windows operating system; Windows 10. Win32 API, C++, and C# are used for the construction of the malware programs. Visual Studio 2017 has been used as an IDE. Results: The testing results reveal that running encryption routine as a background thread covert the CPU usage except the operation time increases by five times. The experiments show that disguising a malware program among the task manager process list is possible by setting Win32 API flag within the execution of the program. Changing the malware name, signature, and description of the program further enhance the sustainability rate from the everyday users.
