2025-06-19, Main Stage
Loaders, integral tools in the malware ecosystem, have evolved from niche utilities to widely accessible commodities in underground markets, enabling threat actors to deploy payloads with ease. While cybersecurity efforts focus heavily on analyzing payloads, loaders, the mechanisms behind obfuscation and delivery, remain underexplored. This talk examines the continuous battle between loader innovations and cybersecurity defenses, highlighting techniques like in-memory execution and anti-analysis mechanisms that challenge detection solutions. Attendees will gain insights into the latest loader advancements, their impact on modern cyberattacks, and strategies for mitigating their threats, offering valuable perspectives for researchers and security professionals alike.
Crypters, also known as loaders or packers, have long been a staple in the malware landscape, continually evolving to keep pace with advancements in cybersecurity defenses. These tools are no longer niche; they have become commodities widely available for purchase or lease on underground markets. As a result, they’ve commercialized sophisticated malware deployment, enabling a wider range of threat actors to access advanced techniques that once required specialized skill. A single loader can deliver varied malicious payloads across different campaigns, underscoring the adaptability and utility of these tools in modern cyberattacks.
Despite substantial focus on analyzing and documenting payloads, crypters themselves remain an often overlooked aspect of malware distribution. This talk explores the ever-evolving arms race between malware developers and security vendors. The cybersecurity community has developed robust solutions such as signature-based detection, AI-driven threat dissection, code-reuse analysis, and behavioral monitoring, yet crypters have continuously evolved to evade these defenses through sophisticated techniques like in-memory execution and anti-analysis features.
We will dissect the latest solutions in this ongoing battle, examine how they’ve been overcome by recent crypter innovations, and discuss what’s next in this relentless cycle of offense and defense. This session promises valuable insights for researchers, security professionals, and anyone interested in understanding and mitigating the threat of crypters in modern cyber warfare.
Nicole Fishbein is a security researcher and malware analyst at Intezer who served as an embedded researcher in the Israel Defense Forces (IDF) Intelligence Corps. Nicole has been part of research discovering phishing campaigns, undetected malware, and attacks on Linux-based cloud environments.