Overview
Explore AVLeak, a powerful tool for fingerprinting consumer antivirus emulators through automated black box testing, in this 28-minute Black Hat conference talk. Learn how AVLeak extracts fingerprints from AV emulators, and how malware can use those fingerprints to detect analysis and evade detection. Discover various fingerprinting techniques, including environmental artifacts, OS API behavioral inconsistencies, network connectivity emulation, timing inconsistencies, process introspection, and CPU emulator "red pills." Witness a live demonstration of AVLeak, showcasing real-world fingerprints that can detect and evade popular consumer AVs like Kaspersky, Bitdefender, AVG, and VBA. Gain insights from this comprehensive examination of emulation detection methods, which advances beyond traditional binary reverse engineering and time-consuming black box testing approaches.
Syllabus
AVLeak: Fingerprinting Antivirus Emulators for Advanced Malware Evasion
Taught by
Black Hat