Philippe Pépos Petitclerc

Ph.D. Candidate


Philippe Pépos Petitclerc, Ph.D. Candidate, Université du Québec à Montréal

Philippe is currently a Ph.D. candidate at UQÀM. He works as President and Security Researcher at Resilience Coop. Most importantly, he is a founding member of Hubert Hackin'.


Talk: A systematic approach to evading antivirus software

Talks will be streamed on YouTube and Twitch for free.


Red teaming and penetration testing are core practices of the cyber security audit landscape. Both of these practices rely on the ability to execute offensive software tools that are normally detected as malicious by antivirus software. To achieve the execution of these tools on systems where antivirus software is installed, operators rely on several techniques to evade detection. In practice, detection evasion is, too often, ill-informed guesswork. A better methodology for evasion would allow for more efficient, and therefore more affordable, campaigns, thus contributing to more cyberresilient organisations.

This presentation will discuss some of my ongoing Ph.D. research into methodologies for deducing information about detection capabilities present in antivirus software solutions. I propose a black-box approach based on software probes, mutations and the logical implications of their detection to identify antivirus capabilities. Correct identification of these capabilities would allow evasion techniques to be applied intently and minimally, reducing chances of unexpected detections and decreasing time spent on evading antivirus software.