Explore AVLeak, a powerful tool for fingerprinting consumer antivirus emulators through automated black box testing, in this 28-minute Black Hat conference talk. Learn how to extract fingerprints from AV emulators that malware can use to detect analysis and evade detection. Discover various fingerprinting techniques, including environmental artifacts, OS API behavioral inconsistencies, network connectivity emulation, timing inconsistencies, process introspection, and CPU emulator "red pills." Witness a live demonstration of AVLeak, showcasing real-world fingerprints that can detect and evade popular consumer AVs like Kaspersky, Bitdefender, AVG, and VBA. Gain insights into this comprehensive examination of emulation detection methods, advancing beyond traditional binary reverse engineering and time-consuming black box testing approaches.
AVLeak - Fingerprinting Antivirus Emulators for Advanced Malware Evasion
Overview
Syllabus
AVLeak: Fingerprinting Antivirus Emulators for Advanced Malware Evasion
Taught by
Black Hat
Related Courses
-
Full System Emulation - Achieving Successful Automated Dynamic Analysis of Evasive Malware
-
Windows Offender - Reverse Engineering Windows Defender's Antivirus Emulator
-
AVPASS - Leaking and Bypassing Antivirus Detection Model Automatically
-
One Packer to Rule Them All
-
Rope - Bypassing Behavioral Detection of Malware with Distributed ROP-Driven Execution
-
Mem2Img - Memory-Resident Malware Detection via Convolution Neural Network
