Overview
Explore a comprehensive Black Hat conference talk on advanced malware packing techniques and anti-virus evasion strategies. Delve into the effectiveness of popular anti-virus solutions against unknown and obfuscated malware, with a focus on x86 and x64 architectures. Learn about the three main stages of malware detection: static, code emulation, and runtime. Discover new generic evasion techniques for each stage, implemented through an advanced packer. Examine two novel packing methods designed to render high-detection malware completely undetectable. Cover topics such as portable executable file format, reflective DLL injection, section tables, pack packing, resource packers, and various hooking techniques. Gain insights into the challenges faced by anti-virus solutions and the evolving landscape of malware development and detection.
Syllabus
Introduction
Agenda
About Us
What is packing
Why is packing useful
Portable executable file format
Program example
Reflective DLL Injection
Second Main Challenge
Section Tables
Pack Packing
Pack Packing Solution
Resource Packer
Interaction with Network
Interaction with Fault System
Instrumentation
Results
DT Hooking
Inline Hooking
Taught by
Black Hat