> Sorry, there is a lot to be learned by getting inside the
> mind of a hacker and building software to defeat AV Packages.
> If you cannot see this then you don't belong in the security
> industry. As a security expert, you make security better by
> constantly thinking of new ways to violate it. If everything
> the enemy can think of catches you totally off guard, I think
> you need to get a new job, find a new career, either
> voluntarily or after you get fired.

Now there is a very common misconception when it comes to malware and security. Viruses and Trojans don't try to exploit any vulnerabilities that need to be fixed, they simply take advantage of features offered by the OS (modifying files, creating files, establishing connections to some C&C etc.). AV software is basically looking for all known malware and is trying to detect new (i.e. unknown) malware based on behaviour or similarities to known malware.

Anything that can be learned from such a contest has already been shown back in the early 90s. The contest may provide some interesting insights if it were up against behaviour-based protection and HIPS actively running on a system, but against a bunch of commandline-AV-scanners? C'mon...

cheers,
Toralv

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
