BOAZ, Yet Another Layered Evasion Tool: Evasion Tool Evaluations and AV Testing
Authors: Rich Macfarlane (Associate Professor, R.Macfarlane@napier.ac.uk); Thomas Xuan Meng
Abstract
In the rapidly evolving cybersecurity landscape, evasion techniques are increasingly deployed in organizational vulnerability assessments and increasingly found during post-incident investigations, as defense mechanisms have grown more sophisticated. However, there is no consensus on how antivirus (AV) performance against evasion methods and techniques can be methodically evaluated.
Antivirus (AV) solutions, serving as the last line of defense on users' endpoint devices, have evolved into highly complex entities, often operated as 'black boxes' from the user's perspective for proprietary and security reasons. This dynamic places researchers and attackers in similar positions: while malware authors can fingerprint AV detection mechanisms through various evasion techniques, researchers can employ the same methods to identify improvement opportunities in security products.
Our study aims to bridge the gap in empirical research on the performance of up-to-date antivirus solutions against evasion frameworks and methods in the latest Windows environment with all defense features enabled. As a by-product of this study, I developed a custom evasion framework named BOAZ, which served as an additional, flexible AV evaluation tool. This framework is complemented by a comprehensive suite of 17 evasion tools, evaluated against 71 online AV engines and 14 carefully selected desktop AV solutions. The experimental results revealed significant insights: contemporary AVs can be compromised by understanding the building blocks of evasion detection and strategically combining existing evasion methods, without requiring advanced programming skills or zero-day exploits. Moreover, the study revealed the iterative relationship between signature-based and behavioural detection across detection phases.
Citation
Macfarlane, R., & Xuan Meng, T. (2024, August). BOAZ, Yet Another Layered Evasion Tool: Evasion Tool Evaluations and AV Testing. Presented at blackhat USA 2024, Las Vegas, US.

| Field | Value |
|---|---|
| Presentation Conference Type | Presentation / Talk |
| Conference Name | blackhat USA 2024 |
| Start Date | Aug 3, 2024 |
| End Date | Aug 8, 2024 |
| Deposit Date | Sep 23, 2024 |
| Peer Reviewed | Not Peer Reviewed |
| Keywords | Offensive Security, Malware, Evasion, Exploitation |
About Edinburgh Napier Research Repository