2024-07-20 –, Track 2
Malicious actors continually refine their techniques to evade detection by antivirus (AV) software. In this session, we will delve into the sophisticated methods cybercriminals use to circumvent traditional AV defenses, showcasing the ongoing battle between attackers and defenders. This talk aims to provide a detailed understanding of contemporary AV evasion tactics and practical strategies for strengthening security postures against these advanced threats.
The ever-evolving nature of cyber threats requires continuous adaptation and innovation in defense strategies. By understanding and anticipating the tactics used by malicious actors to evade antivirus tools, security personnel can better protect their organizations against these sophisticated threats. Join this talk for an in-depth look at antivirus evasion techniques and discover how to fortify your defenses in an increasingly hostile cat-n-mouse cyber environment.
Key highlights:
Understanding Antivirus Mechanisms:
The talk will start by exploring how antivirus software operates, including signature-based detection, heuristic analysis, and behavioral monitoring. Understanding these mechanisms is crucial to comprehending how they can be circumvented.
Common Evasion Techniques:
Obfuscation
Packers and Crypters
Fileless Malware
Living off the Land (LotL)
Advanced Techniques and Real-World Examples:
Reflective DLL Injection
Command and Control (C2) Evasion
Case Studies + demo:
The talk will analyze recent high-profile attacks where AV evasion played a critical role. These case studies will illustrate the practical application of the techniques discussed and highlight lessons learned from these incidents. The demo will then show how legitimate software can be abused to evade AV.
Defensive Strategies and Best Practices:
Finally, there will be actionable recommendations for enhancing detection and response capabilities. This includes adopting advanced threat detection tools, employing behavioral analytics, and integrating threat intelligence to stay ahead of evolving evasion techniques.
Marvin is a seasoned consultant and security architect. He has a strong passion for helping organizations succeed in their cybersecurity programs. He has led many projects in both the private and public sector, architecting and building Security Operations and Intelligence capability; unifying tools, processes and people.
He is currently based in the nordics and uses his expertise to help organizations throughout EMEA, on how best they can create security value in their organizations.