Presented at
Summercon 2018,
June 29, 2018, 4 p.m.
(50 minutes).
Windows Defender Antivirus' MpEngine.dll implements the core of Defender's functionality in an enormous ~11 MB, 30,000+ function DLL. Based on months of personal research time spent reverse engineering Defender, I'll cover my findings on Defender's dynamic analysis systems, custom tooling that I built to enable my analysis, and various ways that malicious code can give Defender trouble.
Presenters:
-
Alexei Bulazel
Alexei Bulazel (@0xAlexei) is a security researcher at ForAllSecure. He also provides expertise on reverse engineering and cyber policy at River Loop Security. Alexei has previously presented his research at venues such as Black Hat, REcon Brussels, and ShmooCon, among others, and has published scholarly work at the USENIX Workshop on Offensive Technologies (WOOT) and the Reversing and Offensive-oriented Trends Symposium (ROOTS). A graduate of Rensselaer Polytechnic Institute (RPI) and a proud alumnus of RPISEC, Alexei completed his MS under Dr. Bülent Yener.
@0xAlexei
Links:
Similar Presentations: