Antivirus Evasion: Lessons Learned

Presented at DerbyCon 3.0 All in the Family (2013), Sept. 28, 2013, 10 a.m. (50 minutes)

Over the past year, the speaker has spent alot of time talking with people in the infoSec Community and doing research on antivirus evasion techniques. Learning what works and what doesn’t. There are a lot of good ideas floating around out there. In this talk we’re going to pull those ideas all together. We’ll discuss the basics of the AV evasion problem, what techniques work, which ones don’t and why. The talk will have a particular focus on AV evasion as it relates to Metasploit payloads.

Presenters:

• David Maloney / thelightcosine   as David “thelightcosine” Maloney
  David “thelightcosine” Maloney is a Senior Software Engineer on the Metasploit team at Rapid7. Before that he was a Penetration Tester for some large Corporations, specializing in Web Applications and was a longtime contrutor to the Metasploit Framework. He is a member of the Corelan Security Team, and sort of an auxiliary member of the FALE locksport group. He is one of the founders of Hackerspace Charlotte in NC.

Similar Presentations:

• BSidesDC 2014 / Adventures in Asymmetric Warfare: Fighting the AV Vendors
• DeepSec 2014 „Do you want to know more?“ / Why Antivirus Software fails
• DerbyCon 3.0 All in the Family (2013) / Antivirus Evasion through Antigenic Variation (Why the Blacklisting Approach to AV is Broken)