The book explains AV from both sides (the AV developer and the attacker) helping to explain why and how. @matalaz (Joxean) has done a lot of work attacking AV. Having @0xeb (Elias) help out, who was one of the creators of EMET, likely helps give that defender perspective. Both are former Hex-Rays (maker of IDA Pro) employees, so they are awesome reversers, and both are developers, so the code (python) you see in the book is clean. The writing is personable and enjoyable to read, like a mentor teaching a topic they love. It reads much like "Practical Reverse Engineering" (which Elias also helped write) and is a great combination with that, so from one you learn how to reverse in general, and from this you can see specifically how to reverse a class of products and apply that knowledge to doing vuln research on them.
The book describes all of the components of AV, from file scanning, to it's update mechanism, to touching briefly on things like browser plugins. The authors have extensive knowledge of this class of products and so comments about many different AV products are sprinkled throughout.
This is an excellent practical guide to reverse engineering in general, that just happens to have AV as the common theme. It assumes some RE knowledge with IDA Pro, but beyond that everything else is free, open-source tools, with some (Diaphora and BCCF) written by Joxean. It uses every technique available to reverse products, such as investigating versions for different OSs which may have more symbols. It shows how to set up frameworks to run the AV's core scanner, which can help with not only fuzzing, but also is an important generic RE skill for using or testing a product's features.
It is a practical guide to vuln research and shows how to investigate many areas of an attack surface. The focus is on file format fuzzing (as that is the biggest attack surface of AVs) but it also discusses permission and logical issues for escalation of privileges, MiTM attacks on the updates, and evasion tactics.
My biggest concern with the book is that no versions or hashes or files being reversed are mentioned, and no download archive specific to the book appears to be available, so in time (now?) it won't be possible to play along with some of the reversing sessions and use the framework bindings. The concepts and material stand on their own, but it'd be nice to see an archive of these files appear on the Internet somewhere.
Problem beim Laden der Informationen
Leider konnten wir die Informationen der verantwortlichen Person aufgrund eines Problems nicht anzeigen. Lade die Seite neu oder versuche es später erneut.
Problem beim Laden der Informationen
Leider konnten wir die Herstellerinformationen aufgrund eines Problems nicht anzeigen. Lade die Seite neu oder versuche es später erneut.
Problem beim Laden der Informationen
Leider konnten wir die Bilder zur Produktsicherheit aufgrund eines Problems nicht anzeigen. Lade die Seite neu oder versuche es später erneut.
