BOAZ Evasion And Antivirus Testing Tool (For Educational Purpose)

The BOAZ Evasion and Antivirus Testing Tool is a sophisticated framework designed for educational purposes to evaluate antivirus (AV) defenses and test evasion techniques.

Developed with a multi-layered approach, BOAZ (Bypass, Obfuscate, Adapt, Zero-Trust) aims to bypass signature, heuristic, and behavioral detection mechanisms employed by modern AV solutions.

It is particularly useful for students and researchers in offensive security, as it does not require advanced programming skills to generate undetectable polymorphic samples.

Key Features

1. Modular Design: BOAZ allows users to extend its functionality by adding scripts or integrating new techniques.
2. Signature Evasion:

• Utilizes LLVM-based obfuscation (Pluto and Akira) for string encryption and control flow flattening.
• Implements encoding methods such as UUID, Base64, ChaCha20, and AES to disguise payloads.
• Offers compilation-time obfuscation techniques like bogus control flow and mixed-boolean arithmetic.

1. Heuristic Evasion:

• Anti-emulation checks based on file system operations and network activity.
• API unhooking techniques like Halo’s Gate and Peruns’ Fart.
• Sleep obfuscation to evade sandbox detection.

1. Behavioral Evasion:

• Includes process injection loaders and ETW-patching to bypass runtime monitoring.
• Supports post-execution self-deletion for stealth.
• Introduces innovative memory guards like Sifu Memory Guard for hiding shellcode.

BOAZ accepts x64 binaries or raw payloads as input and generates obfuscated outputs that evade detection by AV engines.

It has been tested against 14 desktop AVs on Windows 11 virtual machines, demonstrating its effectiveness in bypassing various detection methods.

The tool also functions as a packer or obfuscator, enabling users to encrypt and disguise executables. With its modular architecture, users can integrate custom tools and techniques into the framework.

Educational Value

BOAZ is ideal for learning about AV evasion techniques without relying on zero-day exploits or commercial tools. It provides insights into how AV systems detect threats and how attackers adapt to evade them.

The tool emphasizes ethical use in controlled environments for research and education.

Planned enhancements include Docker support, a graphical user interface, additional loader templates, advanced obfuscation techniques, and expanded file format support.

In summary, BOAZ is a powerful educational tool for exploring the challenges of antivirus evasion while fostering a deeper understanding of cybersecurity defenses.