Wolf in Sheep Clothing
Presenter: Wei Chong Tan
Format: 30 mins

Abstract

Antivirus (AV) software is often the first line of defence in endpoint security. Therefore, AV evasion is a necessary technique for any malware author and/or red teamer to master in order to bypass detection. In this talk, I will share a new evasion technique which takes a different approach from conventional techniques by exploiting some blind spots of existing AV detection methodologies. The evasion technique does not rely on any specific features of any AV vendor's products. This technique allows malware files to be physically written to and executed from the disk without being detected by AV. This is often useful as a dropper. The goal of this talk is to benefit 3 major groups of audience. Firstly, the red teamers and pentesters, who can use it in their work. Secondly, the blue teamers, who can start planning for more effective detection and also look for any existing evidence of compromise attempts in the wild. Thirdly, the AV industry vendors, who can develop new detection methodologies or improve existing ones. Finally, this talk aims to challenge the audience to question their own assumptions about how some seemingly benign artifacts can be weaponised.