Antivirus May be Dead, but What Killed It?

Presented at Black Hat Europe 2017, Dec. 7, 2017, 10:55 a.m. (25 minutes)

Through the first three quarters of this year, up to 47% of malware detected by WatchGuard evaded signature-based protections. To explain how this could happen, we will walk through popular signature-evasion techniques, including code packing and polymorphism, and discuss how they help malware authors hide from traditional antivirus. Furthermore, we will show actual examples of these techniques in action with various malware samples. This talk will highlight the need for multi-layer security including behavioral-based malware detection.

Presenters:

• Marc Laliberte - Information Security Analyst, WatchGuard Technologies
  Marc Laliberte is an Information Security Analyst at WatchGuard Technologies. Specializing in networking security protocols, malware analysis, and Internet of Things technologies, Marc's day-to-day responsibilities include researching and reporting on the latest information security threats and trends. He has discovered, analyzed, responsibly disclosed and reported on numerous security vulnerabilities in a variety of IoT devices since joining the WatchGuard team in 2012. With speaking appearances at industry events and regular contributions to online IT, technology and security publications, Marc is a thought leader who provides insightful security guidance to all levels of IT personnel.

Links:

• https://www.blackhat.com/eu-17/sponsored-sessions/schedule/#antivirus-may-be-dead-but-what-killed-it-9292

Similar Presentations:

• VB2018 / Starving malware authors through dynamic classification
• Black Hat USA 2014 / Prevalent Characteristics in Modern Malware
• GrrCON 2018 / Do I have a signature to detect that malware?