Evasion Tactics in Malware from the Inside Out

Posted on in Presentations

Authors of malicious code employ clever tactics to get around security tools such as analysis sandboxes and antivirus products. This hands-on lab explores such techniques by looking at real-world samples with the help of a debugger, so you can better understand evasion mechanisms and learn how to examine them on your own. Participants must bring a laptop with a VM set up according to the instructions they’ll receive prior to this session. Prior experience with malware analysis is not required.

Learning Objectives:
1: Clearly understand how malware authors implement evasion tactics in their code.
2: Learn how to spot and examine evasion techniques by analyzing malware using a debugger.
3: Understand how to draw conclusions from malicious code analysis to fortify anti-malware defenses.

Prerequisites: General understanding of Microsoft Windows architecture, in particular how programs use API calls to interact with their environment. General understanding of programming concepts such as if-else statements and function calls. General understanding of anti-malware technologies, such as antivirus tools and automated analysis sandboxes.
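To make the abstract's point concrete, here is a small model of the kind of environment check this lab looks at: a sample probes its host through a handful of API calls, compares the results against thresholds in plain if-else logic, and only detonates when the host looks like a real victim rather than an analysis VM. This is an added illustration written for this page, not code from the lab or from any of the samples it covers. The struct and function names, the thresholds, and the POSIX stand-ins used so the program also builds on Linux or macOS (/proc/self/status TracerPid in place of IsDebuggerPresent, sysconf and clock_gettime in place of GetSystemInfo, GlobalMemoryStatusEx and GetTickCount64) are all assumptions chosen for illustration.

```c
/* Added example: environment-probing evasion logic modelled on what malware
 * does before detonating. Not code from the lab; names and thresholds are
 * assumptions for illustration. Builds with the Windows API on Windows and
 * with POSIX stand-ins elsewhere. */
#ifndef _WIN32
#define _GNU_SOURCE
#endif
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <time.h>
#include <unistd.h>
#endif

/* Facts the sample gathers about its host through API calls. */
typedef struct {
    bool debugger_attached;
    unsigned cpu_count;
    uint64_t uptime_seconds;
    uint64_t ram_bytes;
} EnvSnapshot;

/* Which checks fired, as a bitmask so every trigger is visible, not just the first. */
enum {
    FLAG_DEBUGGER     = 1u << 0,
    FLAG_FEW_CPUS     = 1u << 1,
    FLAG_SHORT_UPTIME = 1u << 2,
    FLAG_LOW_RAM      = 1u << 3
};

/* Assumed thresholds: real workstations almost always exceed them, while analysis
 * VMs are often provisioned small and booted moments before the sample runs. */
#define MIN_CPUS            2u
#define MIN_UPTIME_SECONDS  (10u * 60u)
#define MIN_RAM_BYTES       (2ULL * 1024 * 1024 * 1024)

/* The decision itself: plain comparisons on API results. In a debugger this is
 * the chain of conditional jumps that follows the probing calls. */
unsigned env_suspicion_flags(const EnvSnapshot *s)
{
    unsigned flags = 0;
    if (s->debugger_attached)                   flags |= FLAG_DEBUGGER;
    if (s->cpu_count < MIN_CPUS)                flags |= FLAG_FEW_CPUS;
    if (s->uptime_seconds < MIN_UPTIME_SECONDS) flags |= FLAG_SHORT_UPTIME;
    if (s->ram_bytes < MIN_RAM_BYTES)           flags |= FLAG_LOW_RAM;
    return flags;
}

/* true = looks like a victim, run the payload; false = looks like analysis, stay dormant. */
bool should_detonate(const EnvSnapshot *s)
{
    return env_suspicion_flags(s) == 0;
}

#ifndef _WIN32
/* POSIX stand-in for IsDebuggerPresent: Linux exposes an attached tracer in
 * /proc/self/status; without procfs this simply reports "no debugger". */
static bool tracer_attached(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    bool traced = false;
    if (!f) return false;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "TracerPid:", 10) == 0) { traced = atoi(line + 10) != 0; break; }
    }
    fclose(f);
    return traced;
}
#endif

/* Gather the snapshot with the calls a sample would use; each one is a natural
 * breakpoint for an analyst who wants to watch the check happen. */
EnvSnapshot collect_snapshot(void)
{
    EnvSnapshot s;
    memset(&s, 0, sizeof s);
#ifdef _WIN32
    SYSTEM_INFO si;
    MEMORYSTATUSEX ms;
    s.debugger_attached = IsDebuggerPresent() != 0;
    GetSystemInfo(&si);
    s.cpu_count = si.dwNumberOfProcessors;
    s.uptime_seconds = GetTickCount64() / 1000;
    ms.dwLength = sizeof ms;
    if (GlobalMemoryStatusEx(&ms)) s.ram_bytes = ms.ullTotalPhys;
#else
    struct timespec ts;
    long cpus = sysconf(_SC_NPROCESSORS_ONLN);
    long pages = sysconf(_SC_PHYS_PAGES), page_size = sysconf(_SC_PAGESIZE);
    s.debugger_attached = tracer_attached();
    s.cpu_count = cpus > 0 ? (unsigned)cpus : 0;
#ifdef CLOCK_BOOTTIME
    if (clock_gettime(CLOCK_BOOTTIME, &ts) == 0) s.uptime_seconds = (uint64_t)ts.tv_sec;
#else
    if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0) s.uptime_seconds = (uint64_t)ts.tv_sec;
#endif
    if (pages > 0 && page_size > 0) s.ram_bytes = (uint64_t)pages * (uint64_t)page_size;
#endif
    return s;
}

int main(void)
{
    EnvSnapshot s = collect_snapshot();
    unsigned flags = env_suspicion_flags(&s);
    printf("debugger=%d cpus=%u uptime=%llus ram=%lluMiB\n", (int)s.debugger_attached,
           s.cpu_count, (unsigned long long)s.uptime_seconds,
           (unsigned long long)(s.ram_bytes >> 20));
    printf("flags=0x%x -> %s\n", flags, should_detonate(&s) ? "detonate" : "stay dormant");
    return 0;
}
```

Run it under a debugger and it reports "stay dormant" with FLAG_DEBUGGER set; run it on a freshly booted single-CPU VM and the other flags fire instead. For the lab's second objective, the useful places to break are the probing calls themselves (IsDebuggerPresent, GetSystemInfo, GetTickCount64, GlobalMemoryStatusEx on Windows) and the comparisons that follow them; forcing a different return value, or flipping the conditional jump, is how an analyst coaxes the sample down its hidden branch. For the third objective, the same thresholds read as a checklist for what an analysis sandbox needs to look like (more CPUs and RAM, realistic uptime, no visible debugger) before a sample of this kind will detonate in it.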

James Tarala, Principal Consultant, Enclave Security, LLC
Kelli Tarala, Principal, Enclave Security
John TerBush, Threat Intelligence Analyst, Recorded Future
Johannes Ullrich, Dean of Research, SANS Technology Institute
Lenny Zeltser, CISO / Author / Instructor, Axonius / SANS Institute

Hackers & Threats

threat intelligence, anti-malware, incident response, endpoint security
