Evasion Tactics in Malware from the Inside Out


Posted on in Presentations

Authors of malicious code employ clever tactics to get around security tools such as analysis sandboxes and antivirus products. This hands-on lab explores such techniques by looking at real-world samples with the help of a debugger, so you can better understand evasion mechanisms and learn how to examine them on your own. Participants must bring a laptop with a VM set up according to the instructions they’ll receive prior to this session. Prior experience with malware analysis is not required.

Learning Objectives:
1: Clearly understand how malware authors implement evasion tactics in their code.
2: Learn how to spot and examine evasion techniques by analyzing malware using a debugger.
3: Understand how to draw conclusions from malicious code analysis to fortify anti-malware defenses.

Pre-Requisites:
General understanding of Microsoft Windows architecture that involves the use of API calls for environmental interactions. General understanding of programming concepts such as if-else statements and function calls. General understanding of anti-malware technologies, such as antivirus tools and automated analysis sandboxes.

Participants
James Tarala

Participant

Principal Consultant, Enclave Security, LLC

Kelli Tarala

Participant

Principal, Enclave Security

John TerBush

Participant

Threat Intelligence Analyst, Recorded Future

Johannes Ullrich

Participant

Dean of Research, SANS Technology Institute

Lenny Zeltser

Participant

CISO / Author / Instructor, Axonius / SANS Institute

Hackers & Threats

threat intelligence anti-malware incident response endpoint security anti-malware


Topic

Subtopic


Share With Your Community