Race-2-Zero Unpacked

Presented at DEF CON 16 (2008), Aug. 10, 2008, noon (50 minutes)

Signature-based Antivirus is dead, we want to show you just how dead it is. This presentation will detail our findings from running the Race-2-Zero contest during DC16. The contest involves teams or individuals being given a sample set of malicious programs to modify and upload through the contest portal. The portal passes the modified samples through a number of antivirus engines and determines if the sample is a known threat. The first to pass their sample past all antivirus engines undetected wins that round. Each round increases in complexity as the contest progresses.

Topics covered will include:

  • An overview of the multi-AV engine interface
  • Mutation / obfuscation techniques
  • Statistical analysis of the time taken to circumvent various products
  • Different approaches used by contestants
  • Were viruses or exploits easier to obfuscate?
  • Prize giving ceremony with celeb judging panel... prizes will be awarded for:
      • The most elegant solution
      • Comedy value
      • Dirtiest hack
      • ... and most deserving of a beer

Presenters:

  • Simon Howard - Founder, Mince Research
    With a penchant for black t-shirts, jeans and the lyrical styling of Pantera, Simon has been touching computers ever since he can remember.
