Process Injection Certification Test: https://www.av-comparatives.org/process-injection-certification-test/
LSASS Credential Dumping Certification Test: https://www.av-comparatives.org/lsass-credential-dumping-certification-test/
What I wonder about is whether these were simulators or real-life malware using these code injection methods? But good to know they were able to block almost all methods.
OK cool, but can you then tell me how you tested these AVs against code injection? I mean, if malware runs and is caught by the AV, it will never get to perform code injection. Or am I misunderstanding?
In this test, we focused on evaluating various AV products against different process injection techniques. We crafted the samples in such a way that they bypassed both static and dynamic detections initially. This setup allowed us to specifically test whether the AV products could detect the execution or injection of the shellcode.
Wait a minute, so you guys say you are able to bypass AVs? So I assume this means that hackers can do the same. But it's indeed an interesting way to test behavior blockers. I saw a video on The PC Security Channel where ESET Internet Security 2024 was tested with real-time protection disabled but the HIPS still enabled, and it failed to block a ransomware sample.