What is This, I Don't Even…

Presented at ToorCon San Diego 13 (2011), Oct. 9, 2011, 12:30 p.m. (20 minutes)

This talk will focus on the ways advanced obfuscation and runtime packing techniques are used in the construction of server side, web based malware as well as provide examples in the form of malware that exist and are being actively deployed in the wild. At the end of the talk I will also discuss how these "relatively easy to use tricks" are still getting past most web scanners and disclose some home brew techniques for hiding future generations of web based malware that include features designed specifically to avoid detection from automated external web scanners and other pen-test tools.


  • Vyrus
    Vyrus has no known super powers. He is extremely intelligent and has a firm grasp of chemical engineering and weapon design, which he uses to create various instruments of terror, death, and criminal hilarity, if only to Vyrus. He is responsible for countless deaths and is a highly dangerous individual. His mental state is completely unstable. He is highly insane and is a regular in [redacted institution for the criminally insane]. Vyrus will at one time be mischievous and funny, but at other times be violent, brutal, and cruel. There seems to be no cure for Vyrus?s insanity.

Similar Presentations: