Articles in the category "AV Evasion Study"

Foreword

In the previous article we covered some basics of the Antimalware Scan Interface (AMSI). As penetration testers, we study antivirus software in order to evade it more effectively.

Among the techniques for countering antivirus software, at a high level there are two:

One is to disable the antivirus software so that it can no longer run normally;
the other is to bypass the antivirus software so that it cannot detect the payload.

At a finer level:


AMSI (Antimalware Scan Interface) Basics

The Windows Antimalware Scan Interface (AMSI) is a versatile interface
standard that allows your applications and services to integrate with
any antimalware product that's present on a machine. AMSI provides
enhanced malware protection for your end-users and their data,
applications, and workloads.

AMSI is agnostic of antimalware vendor; it's designed to allow for the
most common malware scanning and protection techniques provided by
today's antimalware products that can be integrated into applications.
It supports a calling structure allowing for file and memory or stream
scanning, content source URL/IP reputation checks, and other
techniques.
