Defeating Malware Evasion: Techniques and Countermeasures

Presented at DEF CON 33 (2025), Aug. 9, 2025, 2 p.m. (240 minutes).

This workshop is designed to give students the skills they need to identify and defeat common evasion techniques used by malware. It’s broken up into three hands-on modules where students will work with a range of open-source (or otherwise free) tools to dig into malicious code, examine different evasion techniques, and learn how to circumvent them to better understand how the malware operates. We’ll be using a mix of instructor-created malware samples—with full source code provided so students can analyze both the binary and the code side-by-side—and real-world samples found in the wild. By the end of the workshop, students will walk away with several malware samples, pages of code to keep digging into on their own, and a solid toolkit of techniques for breaking through typical anti-analysis and evasion tricks used in modern malware.

Presenters:

  • Kyle "d4rksystem" Cucci - Staff Security Research Engineer @ Proofpoint
    Kyle Cucci is a malware analyst and detection engineer with Proofpoint’s Threat Research team. Previously, he led the forensic investigations and malware research teams at a large global bank. Kyle is the author of the book "Evasive Malware: A Field Guide to Detecting, Analyzing, and Defeating Advanced Threats" and is a regular speaker at conferences, speaking on topics like malware analysis, offensive security, and security engineering. In his free time, Kyle enjoys contributing to the community via open source tooling, research, and blogging.
  • Randy Pargman - Director, Threat Detection @ Proofpoint
    Randy leads threat detection and engineering teams at Proofpoint, using custom dynamic sandbox systems to detect evasive malware and phishing threats that target customers around the world. He previously led threat hunting and endpoint detection engineering at Binary Defense, and investigated botnets and other cyber criminal activities as a member of the FBI Cyber Action Team and Seattle Cyber Task Force. Randy currently volunteers as a digital forensic analyst with The DFIR Report, and organizes DEATHCon, a global conference for Detection Engineering and Threat Hunting workshops.
