hack.lu 2023

Malware AV evasion tricks. Cryptography in malware
10-16, 17:30–17:50 (Europe/Luxembourg), Salle Europe

Research in the field of bypassing AV solutions and the role of cryptography in malware development. Application of classical
cryptographic algorithms for payload and C2 communication encryption. Practical research has been carried out: the results of
using the Skipjack, TEA, Madryga, RC5, A5/1, Z85, DES, mmb, Kuznechik, etc. encryption algorithms have been analysed. The
application of cryptography based on elliptic curves is also being researched. How does all this affect the VirusTotal detection
score, and how applicable is it for bypassing AV solutions (AV bypass)? In some of the researched practical cases, we get FUD malware:
bypassing Kaspersky and Windows Defender, and ESET NOD32 in some practical cases.
Reverse engineering and code reconstruction with malware development tricks from ransomware and malware like Conti, Snowyamber, Paradise Ransomware, CopyKittens, etc. Discover new tricks from Russian APT29-related malware.


Practical implementation and simulation of an APT attack using non-popular cryptography algorithms. Using Hamming and
Reed-Solomon codes to check the integrity of the payload and C2 connections.
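As an added illustration of the error-correcting-code idea the abstract names (this is not the speaker's code and is not tied to any sample): a Hamming(7,4) encoder/decoder that splits each byte into two 4-bit nibbles, adds three parity bits to each, and on decoding uses the syndrome to locate and repair a single flipped bit. An analyst who understands this layout can recognise the 7-bit block structure and parity relations when they appear in a binary, and can verify whether a received blob was silently "repaired" rather than rejected. The `corrupt` helper is a constructed fault injector for the demo; the sample input is likewise constructed.

```python
# Hamming(7,4): codeword bit layout (1-indexed positions) is p1 p2 d1 p3 d2 d3 d4.
# Each parity bit covers the positions whose index has the corresponding bit set,
# so the 3-bit syndrome computed on decode equals the position of a single error.

def hamming74_encode(nibble: int) -> list:
    """Encode 4 data bits (0..15) into a 7-bit codeword, MSB of the nibble first."""
    d1, d2, d3, d4 = [(nibble >> i) & 1 for i in range(3, -1, -1)]
    p1 = d1 ^ d2 ^ d4   # covers positions 1,3,5,7
    p2 = d1 ^ d3 ^ d4   # covers positions 2,3,6,7
    p3 = d2 ^ d3 ^ d4   # covers positions 4,5,6,7
    return [p1, p2, d1, p3, d2, d3, d4]


def hamming74_decode(bits) -> tuple:
    """Return (nibble, corrected). Corrects one flipped bit; a double flip is
    silently mis-corrected, which is why Hamming alone is not an integrity check."""
    b = list(bits)
    s1 = b[0] ^ b[2] ^ b[4] ^ b[6]
    s2 = b[1] ^ b[2] ^ b[5] ^ b[6]
    s3 = b[3] ^ b[4] ^ b[5] ^ b[6]
    syndrome = s1 | (s2 << 1) | (s3 << 2)   # 0 = clean, else 1-indexed error position
    corrected = False
    if syndrome:
        b[syndrome - 1] ^= 1
        corrected = True
    nibble = (b[2] << 3) | (b[4] << 2) | (b[5] << 1) | b[6]
    return nibble, corrected


def encode_bytes(data: bytes) -> list:
    """Encode a byte string as a list of 7-bit codewords (two per byte, high nibble first)."""
    words = []
    for byte in data:
        words.append(hamming74_encode(byte >> 4))
        words.append(hamming74_encode(byte & 0xF))
    return words


def decode_bytes(words) -> tuple:
    """Rebuild the byte string; also report how many codewords needed a correction,
    which is the signal a receiver would log rather than discard."""
    out = bytearray()
    corrected = 0
    for hi, lo in zip(words[0::2], words[1::2]):
        h, ch = hamming74_decode(hi)
        lo_val, cl = hamming74_decode(lo)
        corrected += int(ch) + int(cl)
        out.append((h << 4) | lo_val)
    return bytes(out), corrected


def corrupt(words, bit_index: int) -> list:
    """Constructed fault injection for the demo: flip one bit in every codeword."""
    return [w[:bit_index] + [w[bit_index] ^ 1] + w[bit_index + 1:] for w in words]


if __name__ == "__main__":
    sample = b"hack.lu"                       # constructed sample input
    clean = encode_bytes(sample)
    damaged = corrupt(clean, 3)               # one bit wrong in each of the 14 codewords
    recovered, fixes = decode_bytes(damaged)
    print(recovered, "codewords corrected:", fixes)
```

Hamming(7,4) corrects one bit per block and detects nothing beyond that; the abstract pairs it with Reed-Solomon precisely because RS handles burst errors across many symbols. Neither is a substitute for an authenticated integrity check (a MAC or signature), since an attacker who controls the channel can recompute parity.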

Software developer, ethical hacker and cyber security enthusiast, mathematician. Contributor to the malpedia
project. Love my wife and kids.
Author of the popular malware development book MD MZ: https://cocomelonc.github.io/book/2022/07/16/mybook.html
Founder of MSSP LAB - https://mssplab.github.io/
Author of Websec B.V. blog - https://websec.nl/blog
HVCK magazine contributor - https://hvck-magazine.github.io/
Mosse Cyber Security Institute lib contributor - https://library.mosse-institute.com