I'm a script kiddie, bypassing your antivirus and EDR systems

Presented at Disobey 2024, Feb. 17, 2024, 11 a.m. (60 minutes).

What happens when malware infects a machine? How good does a malware developer need to be in order to bypass an antivirus? How well can an EDR spot new malware threats? How can I get started experimenting with self-developed (safe?) malware? If you have ever asked any of these questions, I have answers for you. This presentation walks you through the process of script kiddie malware development and the DLL sideloading malware technique, and explains how the malware could be used against a victim. After the theory part, I will share the results I have gotten from my testing with different AV and EDR systems. There is no one system that can save you, no matter the hype.

Presenters:

  • Anne Hautakangas (Annenaattori)
    Anne works for Insta as an Account Director, but don't let that title fool you. She started her cyber security career in a team of pentesters, and the experience fueled her fire to dive even deeper into the darker corners of the field in her free time. Anne is driven by curiosity and is a firm believer in learning by doing. She also likes swords. Make of that what you will.
