Evasion Tactics in Malware from the Inside Out


Posted on in Presentations

Authors of malicious code employ clever tactics to get around security tools such as analysis sandboxes and antivirus products. This hands-on lab explores such techniques by looking at real-world samples with the help of a debugger, so you can better understand evasion mechanisms and learn how to examine them on your own. Participants must bring a laptop with a VM set up according to the instructions they’ll receive prior to this session. Prior experience with malware analysis is not required.

Learning Objectives:
1: Clearly understand how malware authors implement evasion tactics in their code.
2: Learn how to spot and examine evasion techniques by analyzing malware using a debugger.
3: Understand how to draw conclusions from malicious code analysis to fortify anti-malware defenses.

Pre-Requisites:
General understanding of Microsoft Windows architecture that involves the use of API calls for environmental interactions. General understanding of programming concepts such as if-else statements and function calls. General understanding of anti-malware technologies, such as antivirus tools and automated analysis sandboxes.

Participants
James Tarala

Principal Consultant, Enclave Security, LLC

Johannes Ullrich

Dean of Research, SANS Technology Institute

John TerBush

Threat Intelligence Analyst, Recorded Future

Kelli Tarala

Principal, Enclave Security

Hackers & Threats

threat intelligence, anti-malware, incident response, endpoint security

