Explore advanced techniques for hiding malicious code from antivirus software using memory-mapped files in this 33-minute Black Hat conference talk. Discover how researchers have progressed beyond simply storing malicious payloads to repeatedly identifying and utilizing specific memory addresses in memory-mapped files for code execution. Learn from security experts Ben Holder and Parker Crook as they demonstrate their findings and methodologies, providing valuable insights for both offensive and defensive cybersecurity professionals. Gain a deeper understanding of this sophisticated evasion technique and its potential implications for malware detection and prevention.
Exploring How Memory-Mapped Files Hide From AV and Execute Malicious Code
Overview
Syllabus
MMFML: Exploring How Memory-Mapped Files Hide From AV and Execute Malicious Code
Taught by
Black Hat
Related Courses
-
Evading Code Emulation - Writing Ridiculously Obvious Malware That Bypasses AV
-
Defending Against Malicious Application Compatibility Shims
-
Malicious Documents Emerging Trends - A Gmail Perspective
-
Analyzing UEFI BIOSes from Attacker & Defender Viewpoints
-
O-Checker - Detection of Malicious Documents Through Deviation From File Format Specifications
-
PDF Attack - A Journey from the Exploit Kit to the Shellcode
