Tryhackme - Introduction to Antivirus


In this walkthrough, we will go through the Introduction to Antivirus room from TryHackMe. In this room, we will learn how antivirus software works and which detection techniques it uses to identify malicious files. So, let's get started without any delay.


Task 1 – Introduction


Task 2 – Antivirus Software

Question 1 – What does AV mean?

Question 2 – Which PC Antivirus vendor implemented the first AV software on the market?

Question 3 – Antivirus software is a _-based security solution.


Task 3 – Antivirus Features

Question 1 – Which AV feature analyzes malware in a safe and isolated environment?

Question 2 – An _ feature is a process of restoring or decrypting the compressed executable files to the original.

Question 3 – Read the above to proceed to the next task, where we discuss the AV detection techniques.


Task 4 – Deploy the VM

Question 1 – Once you’ve deployed the VM, it will take a few minutes to boot up. Then, progress to the next task!


Task 5 – AV Static Detection

Question 1 – What is the sigtool tool output to generate an MD5 of the AV-Check.exe binary?

"c:\Program Files\ClamAV\sigtool.exe" --md5 AV-Check.exe


Question 2 – Use the strings tool to list all human-readable strings of the AV-Check binary. What is the flag?

strings AV-Check.exe

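Added example (not code from the room or this walkthrough): a small Python sketch of what the two commands above do. It builds the MD5:size:name line that `sigtool --md5` prints (ClamAV's .hdb signature format), matches a file against such a database, and pulls out printable strings the way `strings` does. AV-Check.exe is not on this page, so SAMPLE_BINARY is a constructed stand-in with a made-up flag.

```python
import hashlib
from typing import Optional

# Constructed stand-in for AV-Check.exe (the real binary is not on this page):
# a fake MZ header, padding, an embedded flag string and some non-printable bytes.
SAMPLE_BINARY = (b"MZ\x90\x00" + b"\x00" * 12
                 + b"THM{constructed_flag}\x00" + bytes(range(1, 32)))

def hdb_signature(data: bytes, name: str) -> str:
    """Build the line `sigtool --md5` prints: MD5:FileSize:Name (ClamAV .hdb format)."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"

def parse_hdb(lines) -> list:
    """Parse .hdb lines into (md5, size, name) tuples; skip blanks and '#' comments."""
    db = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        md5, size, name = line.split(":", 2)
        db.append((md5.lower(), int(size), name))
    return db

def scan(data: bytes, db: list) -> Optional[str]:
    """Hash-based static detection: a hit needs both the MD5 and the size to match."""
    md5 = hashlib.md5(data).hexdigest()
    for sig_md5, sig_size, name in db:
        if sig_size == len(data) and sig_md5 == md5:
            return name
    return None

def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Mimic `strings`: runs of printable ASCII (0x20-0x7e) at least min_len long."""
    found, run = [], []
    for b in data:
        if 0x20 <= b <= 0x7E:
            run.append(chr(b))
            continue
        if len(run) >= min_len:
            found.append("".join(run))
        run = []
    if len(run) >= min_len:
        found.append("".join(run))
    return found

def find_flag(data: bytes) -> Optional[str]:
    """Question 2 of this task: look for a THM{...} flag among the readable strings."""
    return next((s for s in extract_strings(data) if s.startswith("THM{")), None)
```

Appending a single byte to the sample changes both its MD5 and its size, so scan() no longer matches it; that brittleness is the main limitation of hash-based static detection.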

Task 6 – Other Detection Techniques

Question 1 – Which detection method is used to analyze malicious software inside virtual environments?


Task 7 – AV Testing and Fingerprinting

Question 1 – For the C# AV fingerprint, try to rewrite the code in a different language, such as Python, and check whether VirusTotal flags it as malicious.

Question 2 – Read the Above!


Task 8 – Conclusion


So that was "Introduction to Antivirus" for you. We looked into the basics of antivirus software and how it works. After that, we took a deep dive into static malware detection and, finally, completed the room by looking into other detection techniques, malware testing and fingerprinting. On that note, I will take your leave and meet you in the next one. Till then, "Happy hacking".
