Obfuscation Reloaded: Modern Techniques for Evading Detection

Presented at DEF CON 33 (2025), Aug. 8, 2025, 2 p.m. (240 minutes).

As defenders evolve with more sophisticated detection strategies, red teamers must innovate to remain effective. This intermediate hands-on workshop delves into modern obfuscation techniques, bypass strategies, and OPSEC considerations that reflect the current threat landscape. Participants will explore how Microsoft's Antimalware Scan Interface (AMSI), Defender, and Event Tracing for Windows (ETW) are being leveraged by defenders and how to navigate around them. You'll walk away with an understanding of the real-world effectiveness of techniques like string encryption, runtime compilation, and sandbox evasion, and of how minimalistic evasion ("least obfuscation") helps evade both machine learning and heuristic-based detections. Attendees will use PowerShell, C#, and open-source tooling to build and test evasive payloads in a lab setting.

In this workshop, attendees will:

  1. Learn to identify and break static and dynamic detection signatures.
  2. Employ least-obfuscation strategies and runtime evasion.
  3. Build AMSI and ETW bypasses using up-to-date PowerShell and C# techniques.
  4. Understand P/Invoke and API hooking.
  5. Evaluate how defenders log and detect activity and design code to stay under the radar.

Presenters:

  • Jake "Hubble" Krasnov - Red Team Operations Lead and Chief Executive Officer at BC Security
    Jake "Hubble" Krasnov is the Red Team Operations Lead and Chief Executive Officer of BC Security, with a distinguished career spanning engineering and cybersecurity. A U.S. Air Force veteran, Jake began his career as an Astronautical Engineer, overseeing rocket modifications, leading test and evaluation efforts for the F-22, and conducting red team operations with the 57th Information Aggressors. He later served as a Senior Manager at Boeing Phantom Works, where he focused on aviation and space defense projects. A seasoned speaker and trainer, Jake has presented at conferences including DEF CON, Black Hat, HackRedCon, HackSpaceCon, and HackMiami.
  • Rey "Privesc" Bango - Security Consultant at BC Security
    Rey "Privesc" Bango is a Principal Cloud Advocate at Microsoft and a Security Consultant specializing in red teaming at BC Security. At Microsoft, he focuses on empowering organizations to leverage transformative technologies such as Artificial Intelligence and Machine Learning, prioritizing trust, security, and responsible use. He is an experienced trainer and speaker, presenting and teaching at cybersecurity conferences, including Black Hat and DEF CON. His work continues to bridge the gap between cutting-edge technological advancements and the critical need for secure, ethical implementation in today's world.
  • Vincent "Vinnybod" Rose - Confluent
    Vincent "Vinnybod" Rose is the Lead Developer for Empire and Starkiller. He is a software engineer with a decade of expertise in building highly scalable cloud services, improving developer operations, and automation. Recently, his focus has been on the reliability and stability of the Empire C2 server. Vinnybod has presented at Black Hat and has taught courses at DEF CON on Red Teaming and Offensive PowerShell. He currently maintains a cybersecurity blog focused on offensive security at https://www.bc-security.org/blog/.
  • Gannon "Dorf" Gebauer
    Gannon "Dorf" Gebauer is a Security Consultant and Tool Developer at BC Security, specializing in threat intelligence, embedded system testing, and automation for range deployments. He has led teams through CyberPatriot, the USAF CTF that challenges participants in both defensive and offensive capabilities. Gannon is also an accomplished speaker and trainer, having delivered talks and training sessions at Black Hat, DEF CON, and Texas Cyber Summit.
