Atombombing and Other Obfuscation - Your EDR may be broken

Presented at DerbyCon 7.0 Legacy (2017), Sept. 24, 2017, 10 a.m. (50 minutes).

An informative talk about the Atombombing exploit in Windows, the reverse engineering of the many samples I have done and how this and other go unseen by EDRs. I have 18 years in the Information security industry. I work in security and I am a researcher by trade and hobby. I got my start in security in the US Marine Corps and I have achieved many certs and a fancy degree over the past years. I focus a lot of my time on Malware research and exploit mitigations. @hackerninja

Presenters:

• Martin Brough

Links:

• https://www.derbycon.com/sunday-schedule/#event-163

Similar Presentations:

• BSidesSF 2017 / AtomBombing: Injecting Code Using Windows’ Atoms
• BSides Austin 2017 / DridexV4: What's under the hood?