Analyzing and Reverse Engineering Antivirus Signatures

Explore the intricacies of antivirus signature analysis and reverse engineering in this comprehensive conference talk from the Hack In The Box Security Conference. Delve into the development of a specialized tool designed to dissect and understand antivirus signatures, gaining valuable insights into their functionality and potential vulnerabilities. Learn how this knowledge can be leveraged by RedTeamers to create undetectable tools with minimal effort. Examine the architecture and underlying concepts of the software, including an in-depth look at common initial attack vector file formats and their associated challenges. Analyze the effectiveness of Microsoft Defender signatures, identify common issues, and discover future improvements in antivirus technology. Benefit from the speaker's extensive experience as a former penetration tester, SOC analyst, and current RedTeam leader at Raiffeisen Schweiz.