al-khaser – Tool to stress anti-malware systems
When security software is installed, it is common to test it first to make sure it does not affect the performance of applications or systems. A proof of concept (PoC) may include several phases covering the different components we want to test, and al-khaser can be one item on that roadmap.
al-khaser is a PoC malware with good intentions that aims to stress your anti-malware system. It performs a bunch of tricks used by present-day malware, and the goal is to see whether you catch them all. Some common uses are:
- You are making an anti-debug plugin and you want to check its effectiveness.
- You want to ensure that your sandbox solution is hidden enough.
- Or you want to ensure that your malware analysis environment is well hidden.
The attacks it compiles to stress the anti-malware system are:
- Anti-debugging attack modules
- Anti-Dumping modules
- Timing Attacks [Anti-Sandbox]
- Human Interaction [Anti-Sandbox]
- Code/DLL injection techniques
You can find the scripts in the tool; for example, the timing attacks are used to bypass sandboxed systems. Modern malware uses these types of tests to break into systems and infect hosts. Any vulnerability may allow a malicious user to exploit the bug, gain unauthorized access and take control of computing resources.
To download the tool and read more about it, see: https://github.com/LordNoteworthy/al-khaser