How to bypass AV

We came across this presentation given by Andrew King at this year’s Toorcon in San Diego and thought it was worth posting for some Thanksgiving reading. You’ll be able to follow along just fine if, like Andrew, you believe building polymorphic encoders inside a DLL housing is “not that complicated”. For the rest of us, you’ll get the idea anyway of how targeted attacks can be built with methodologies like this and achieve AV bypass with virtual certainty against most if not all the major vendors.

My talk at ToorCon San Diego 2011 from Andrew King on Vimeo.

 

Finding an evil in a haystack...

• The Threats
• Our Approach
• Our Software

Latest Blog Posts

• 16.02Securabit ECAT Podcast Feb 22nd: Old wine in a new bottle
• 15.02ECAT now integrates Bit9's GSR
• 13.02Introduction to ECAT - Video
• 26.01RSA - your complementary expo pass
• 16.01When being #1 means a 42% failure rate
• 09.01ECAT at RSA Conference 2012 - Feb 27
• 01.01ZeroAccess - the movie
• 21.11Down and Dirty with Duqu - Analysis with ECAT
• 02.11Poison Ivy ("Nitro") and ECAT analysis
• 02.11Silicium and Opswat partner to integrate Metascan, ECAT

Follow us

Archives

• February 2012
• January 2012
• November 2011
• October 2011
• September 2011
• May 2011
• April 2011
• March 2011
• November 2010
• October 2010
• September 2010
• July 2010