Method for evading PE file uploading of antivirus software based on penetration testing

A technique involving antivirus software and penetration testing, applied in the field of network security. It addresses the problems of data security loopholes, penetration testing tool PE files being easily uploaded, analyzed or killed, and low penetration testing efficiency, and achieves the effect of increasing the memory size.

Inactive Publication Date: 2017-11-24
ZHEJIANG QUANTUM TECH CO LTD

AI Technical Summary

Problems solved by technology

[0006] The purpose of the present invention is to provide a method for evading PE file uploading by antivirus software in penetration testing, so as to solve the technical defects of the prior art: penetration testing work efficiency is low, the penetration testing tool PE is easily uploaded, analyzed or detected and killed, and there are huge security loopholes.


Examples


Embodiment

[0051] As shown in Figures 4 and 5, the PE file capacity increase process is as follows:

[0052] (1) Take the putty application (PE format) as an example: its properties show a file size of 484k bytes, and clicking the file runs it normally;

[0053] (2) Use the lordpe software to edit the PE file: locate the block table (section table) headers, and after the last entry add a block table entry named idata; as shown in Figures 6 and 7, set the block size to 256M (0x10000000) and modify NumberOfSections from 4 to 5;

[0054] (3) As shown in Figure 8, set the block attribute to read-only and save;

[0055] (4) As shown in Figures 9 and 10, open the putty file with Hexeditor, add a 512M byte random number at the end of the file, add 0x10000000 to the SizeOfCode field of the PE file header, and save the file;

[0056] (5) As shown in Figure 11, check the putty file properties; the file size has increased by 512M;

[0057] (...
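A defender's check for the header changes described in steps (2) to (5), as an added example that is not part of the patent text: it parses the PE headers and reports an oversized non-code section, a SizeOfCode value larger than the code sections account for, and a large overlay after the last section. The 64 MiB threshold, the function names and the sample section layouts are assumptions constructed for the demo.

```python
import struct

CODE = 0x20                # IMAGE_SCN_CNT_CODE section flag
BIG = 64 * 1024 * 1024     # assumed triage threshold; tune to your own file population

def inflation_findings(hdr: bytes, file_size: int) -> list:
    """Header inconsistencies left by padding a PE; hdr is the start of the file."""
    pe = struct.unpack_from("<I", hdr, 0x3C)[0]                   # e_lfanew
    if hdr[:2] != b"MZ" or hdr[pe:pe + 4] != b"PE\0\0":
        return ["not a PE file"]
    nsect, opt_size = struct.unpack_from("<H12xH", hdr, pe + 6)   # NumberOfSections, SizeOfOptionalHeader
    opt = pe + 24                                                 # optional header start
    size_of_code = struct.unpack_from("<I", hdr, opt + 4)[0]
    findings, code_bytes, raw_end = [], 0, 0
    for i in range(nsect):
        name, vsize, _va, rsize, rptr, flags = struct.unpack_from(
            "<8sIIII12xI", hdr, opt + opt_size + 40 * i)
        if flags & CODE:
            code_bytes += max(vsize, rsize)
        elif max(vsize, rsize) >= BIG:
            findings.append("oversized non-code section " + name.rstrip(b"\0").decode("ascii", "replace"))
        raw_end = max(raw_end, rptr + rsize)                      # end of section data on disk
    if size_of_code - code_bytes >= BIG:
        findings.append("SizeOfCode exceeds the code sections by %#x" % (size_of_code - code_bytes))
    if file_size - raw_end >= BIG:
        findings.append("overlay of %d bytes after the last section" % (file_size - raw_end))
    return findings

def sample_header(sections, size_of_code):
    """Constructed header bytes for the demo; not a loadable executable."""
    hdr = bytearray(0x400)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH12xH", hdr, 0x84, 0x14C, len(sections), 0xE0)
    struct.pack_into("<HxxI", hdr, 0x98, 0x10B, size_of_code)
    for i, s in enumerate(sections):   # (name, VirtualSize, SizeOfRawData, PointerToRawData, flags)
        struct.pack_into("<8sIIII12xI", hdr, 0x178 + 40 * i, s[0], s[1], 0, s[2], s[3], s[4])
    return bytes(hdr)

# Constructed layouts: a four-section file, and the same file with the changes from steps (2)-(5).
CLEAN = [(b".text", 0x50000, 0x50000, 0x400, 0x60000020), (b".rdata", 0x1C000, 0x1C000, 0x50400, 0x40000040),
         (b".data", 0x2000, 0x2000, 0x6C400, 0xC0000040), (b".rsrc", 0x3000, 0x3000, 0x6E400, 0x40000040)]
CLEAN_SIZE = 0x71400
PADDED = CLEAN + [(b"idata", 0x10000000, 0, 0, 0x40000040)]      # read-only section, 0x10000000 in size
PADDED_SIZE = CLEAN_SIZE + 512 * 1024 * 1024

def demo():
    return (inflation_findings(sample_header(CLEAN, 0x50000), CLEAN_SIZE),
            inflation_findings(sample_header(PADDED, 0x50000 + 0x10000000), PADDED_SIZE))
```

A large overlay on its own also occurs in self-extracting installers, so treat each finding as a triage signal and give weight to the combination of all three.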


Abstract

The invention discloses a method for evading PE file uploading of antivirus software based on penetration testing. The method includes the following steps: a) the memory of the current PE file and the memory of the file after the capacity increase are determined; b) the block table header at the end of the block table is determined; c) a new block table header is added, and the length of its corresponding block and the specific attribute of the block are set; d) bytes are added at the file tail for the block; e) the file is saved; f) the size of the file is verified; g) the PE file is run, and whether the load time has changed is checked. Compared with the prior art, the method relies on the fact that when a large file is checked by the current antivirus cloud detection-and-kill mechanism, generally only a feature value can be extracted and the file itself cannot be uploaded as a basis for analysis. By increasing the memory of the PE file to evade PE file uploading by antivirus software, the method remedies an unsafe data loophole while improving the working efficiency of penetration testing.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method for evading PE file uploading by antivirus software in penetration testing.

Background art

[0002] At present, security protection software adopts a cloud detection and killing mechanism. Under this mechanism, when the security protection software detects a suspicious file, it first checks the file against the local database of prevalent signatures and the local database of normal files (whitelist database). If the file matches neither an existing virus signature nor a normal local file, the signature of the file is submitted to the cloud database for inspection. If the file is detected to be a virus, the cloud identification result is returned. If the cloud inspection finds that this is a brand-new suspicious file that has never appeared before, the suspicious file is reported.

[0003] Pene...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06F21/57
CPC: G06F21/565, G06F21/577
Inventors: 孙勇, 赵义博
Owner: ZHEJIANG QUANTUM TECH CO LTD