A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Evading code emulation: Writing ridiculously obvious malware that bypasses AV - Kyle Adams (BSides Las Vegas 2014) (Hacking Illustrated Series InfoSec Tutorial Videos)

Evading code emulation: Writing ridiculously obvious malware that bypasses AV
Kyle Adams

Code emulation, a technology capable of detecting malware for which no signature exists. It’s a powerful step in the right direction for client security, but it’s a long way from mature. This talk will demonstrate how the code emulation engine in Anti-Virus Guard (AVG) can be reverse engineered by progressively testing its features, and ultimately evading detection. The result is a Command-and-Control (C&C) bot, in a non-obfuscated windows shell script, that AVG and many other leading AV engines will not detect. I will propose solutions on how these code emulation environments can be improved, making the detection of zero day malware far more successful going forward. This is not a jab against AVG, as they get enormous credit for including such a powerful tool in a free antivirus client.

Bio: Kyle Adams has been involved with security since a very early age. Self-taught, he learned the basics of hacking and security defense strategies long before entering the professional world. Early on, much of his professional focus was on web security threats like SQLi, XSS, CSRF, etc…but more recently he started researching and working on products to defend against malware based threats. Kyle helped build and design the first commercial security solution based on deception and misinformation, evolving the concept of honeypot technology from a purely academic endeavor to a realistic intrusion prevention strategy (Junos WebApp Secure, formerly Mykonos). He is now working on introducing similar deception techniques as a detection and prevention methodology into the malware space.

Back to BSides Las Vegas 2014 video list

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast