|
|
Hiding and obfuscation of malware to avoid antivirus detection
Rybár, Matej ; Dzurenda, Petr (referee) ; Casanova-Marqués, Raúl (advisor)
Počas hodnotenia bezpečnosti je pomerne nezvyčajné, aby bol niekto presvedčený, že antivírusový softvér neposkytuje úplnú bezpečnosť. Keď penetračný tester narazí na antivírusový softvér, sú chvíle, kedy musí konať rýchlo. Z týchto a iných dôvodov boli vyvinuté rôzne spôsoby obchádzania antivírusového softvéru. Niektoré z týchto prístupov obsfukácie majú za cieľ uniknúť statickej analýze úpravou a manipuláciou s formátom Portable Executable, čo je štandardizovaný formát spustiteľného súboru Windows. Niekoľko typov malvéru mení formát súboru PE, aby sa zabránilo statickej detekcii antivírusu. Táto práca sa zaoberá formátom súborov PE, detekciou malvéru a statickou detekciou obfukačných techník. Výsledkom tejto práce je scantime crypter Persesutor, ktorý zašifruje vstupný súbor a následne po spustení zašifrovaný súbor dešifruje a načítá v pamäti.
|
|
|
Attack Techniques on ELF/PE Files and Detection
Brunai, Adam ; Jurnečka, Peter (referee) ; Barabas, Maroš (advisor)
This thesis deals with the attack techniques on executable files in Windows OS. Its main goal is to analyze the file infection techniques in terms of their implementation and detection. Before the analysis, the reader will become familiar with executable files. Part of the thesis is demonstration tool named "pein" that solves implementation of infection. In conclusion, the work deals with the malware analysis and detection techniques.
|
|
|
Library for Efficient Video Capture in 3D Application
Pospíšil, Petr ; Navrátil, Jan (referee) ; Havel, Jiří (advisor)
This thesis deals with library for recording video in the background of 3D application. A library is designed to work under the Microsoft Windows and Linux operation systems. It records image and also sound. Image recording is supported in OpenGL, Direct3D9, Direct3D10 and Direct3D11. To reduce video data size, library supports image compression using MJPG codec. Audio is recorded by WaveForm audio, Windows Core Audio or ALSA. Recorded sound is for whole operation system. A library is able to record up to two audio streams to accommodate possible microphone input. It can mix audio data together if needed. Output data are then written into AVI file. It is possible to write own text information as overlay that is rendered as part of application screen output.
|
|
|
Decompilation from Selected Object File Formats
Bandzi, Michal ; Láznička, Stanislav (referee) ; Matula, Peter (advisor)
Object files contain machine code that can be executed by processor unit. Structure of an object file is defined by its file format. In order to decompile an object file, it is necessary to process and convert file data to internal representation of decompiler. This thesis discusses design and implementation of new modules for file format processing that will be part of the Retargetable Decompiler project. The goal of this work is to add support for Intel HEX and Mach-O file formats and new implementation of already supported Portable Executable file format. Implementation of modules for file formats Intel HEX and Mach-O was successful and it is possible to use them for reverse compilation. Processing of PE file format is not possible in sufficient quality due to errors in used LLVM library.
|
|
|
Hiding and obfuscation of malware to avoid antivirus detection
Rybár, Matej ; Dzurenda, Petr (referee) ; Casanova-Marqués, Raúl (advisor)
Počas hodnotenia bezpečnosti je pomerne nezvyčajné, aby bol niekto presvedčený, že antivírusový softvér neposkytuje úplnú bezpečnosť. Keď penetračný tester narazí na antivírusový softvér, sú chvíle, kedy musí konať rýchlo. Z týchto a iných dôvodov boli vyvinuté rôzne spôsoby obchádzania antivírusového softvéru. Niektoré z týchto prístupov obsfukácie majú za cieľ uniknúť statickej analýze úpravou a manipuláciou s formátom Portable Executable, čo je štandardizovaný formát spustiteľného súboru Windows. Niekoľko typov malvéru mení formát súboru PE, aby sa zabránilo statickej detekcii antivírusu. Táto práca sa zaoberá formátom súborov PE, detekciou malvéru a statickou detekciou obfukačných techník. Výsledkom tejto práce je scantime crypter Persesutor, ktorý zašifruje vstupný súbor a následne po spustení zašifrovaný súbor dešifruje a načítá v pamäti.
|
|
|
Obrana programů před reverzním inženýrstvím
Šálek, Jiří
This thesis deals with illegal distribution of programs. It describes methods of licencing programs and ways their restrictions. It focuses on description basic tools and techniques used to program cracking. Farther this work describes structure of executables files on MS Windows. The work is completed with malware analysis for clarification techniques masking of code. This work is complemented by a demonstration application for program code masking.
|
|
|
Attack Techniques on ELF/PE Files and Detection
Brunai, Adam ; Jurnečka, Peter (referee) ; Barabas, Maroš (advisor)
This thesis deals with the attack techniques on executable files in Windows OS. Its main goal is to analyze the file infection techniques in terms of their implementation and detection. Before the analysis, the reader will become familiar with executable files. Part of the thesis is demonstration tool named "pein" that solves implementation of infection. In conclusion, the work deals with the malware analysis and detection techniques.
|
|
|
Decompilation from Selected Object File Formats
Bandzi, Michal ; Láznička, Stanislav (referee) ; Matula, Peter (advisor)
Object files contain machine code that can be executed by processor unit. Structure of an object file is defined by its file format. In order to decompile an object file, it is necessary to process and convert file data to internal representation of decompiler. This thesis discusses design and implementation of new modules for file format processing that will be part of the Retargetable Decompiler project. The goal of this work is to add support for Intel HEX and Mach-O file formats and new implementation of already supported Portable Executable file format. Implementation of modules for file formats Intel HEX and Mach-O was successful and it is possible to use them for reverse compilation. Processing of PE file format is not possible in sufficient quality due to errors in used LLVM library.
|
|
|
Library for Efficient Video Capture in 3D Application
Pospíšil, Petr ; Navrátil, Jan (referee) ; Havel, Jiří (advisor)
This thesis deals with library for recording video in the background of 3D application. A library is designed to work under the Microsoft Windows and Linux operation systems. It records image and also sound. Image recording is supported in OpenGL, Direct3D9, Direct3D10 and Direct3D11. To reduce video data size, library supports image compression using MJPG codec. Audio is recorded by WaveForm audio, Windows Core Audio or ALSA. Recorded sound is for whole operation system. A library is able to record up to two audio streams to accommodate possible microphone input. It can mix audio data together if needed. Output data are then written into AVI file. It is possible to write own text information as overlay that is rendered as part of application screen output.
|
guest ::
