May 16 01:00 PM EDT
Workshops are first-come, first-serve and have limited capacity. Some workshops may be streamed for additional passive participation.
The perpetual race to safeguard and secure our infrastructures have given birth to robust defensive mechanisms, such as antiviruses (AV), Endpoint Detection and Response (EDRs), and Extended detection and response (XDR) just to name a few. Over the years the detection methodologies employed by them have evolved. From the very basic string and hash matching techniques, defensive mechanisms have enhanced their capabilities by employing machine learning, in memory scanning and other sophisticated techniques. From the perspective of a malware developer, developing malware is considerably easier as compared to evading it. In this talk we will discuss various techniques employed by malware developers to circumvent detection measures implemented by modern day AVs and EDRs. This talk will solely focus on the Windows ecosystem. We will discuss the nitty gritties of the Windows OS, followed by various detection techniques implemented by AVs and EDRs. After understanding the detection methods we will shift our focus on various techniques that can be implemented to bypass aforementioned detection techniques. Some techniques included are Unhooking, BlockDLL, Repatching, API Hashing, ETW and AMSI patching etc. In order to better understand the concepts discussed, we present real life PoCs. These PoCs will showcase the discussed evasion techniques on a popular red teaming tool (Juicy Potato). The implemented techniques will be tested against ‘Windows Defender’, a popular and widely used inbuilt AV solution by Microsoft. Furthermore these PoCs will showcase the exact detection methods and how we were able to bypass them to gain access.
Aryan Jogia Independent Security Researcher, Independent Security Researcher
Aryan is a security researcher with over 4+ years of experience. He’s a full time malware researcher and loves to evade AV and EDRs. His research interests are not just limited to Windows, but he even develops low level code for *nix systems. Even though his expertise lies in the domain of malware development and reversing, he also dabbles in the domain of red teaming. With his experience in low level programming, he also curates and develops toolkits extensively used for red team engagements. He has presented sessions at WildWest Hackin Fest, The Hack Summit, Carolina Con 4 and BSides Ahmedabad. With his CRTO certification in tow, he has led and participated in numerous red team engagements with strong defense mechanisms.
Chetanya Kunndra ,