AMSI: This is not the NextGen Detection and Prevention you are looking for

Presented at Wild West Hackin' Fest 2018, Oct. 25, 2018, 10 a.m. (50 minutes)

With all of the talk of telemetry, big data analytics, machine learning, and artificial intelligence, it should be getting harder for attackers to build customized tools in order to gain code execution on impacted systems. The truth is, we’re still living in the era of signature-based detection with little hope for the future that any of these technologies will get any better or mature to help automate responses towards attacks. This talk will dive into the AntiMalware Scan Interface (AMSI) as well as other alternatives in the “NextGen” series of preventative measures and show how trivial it is to write code that doesn’t get snagged. The security market is focusing on open source data collection sources and security researchers as the main method to write signatures to detect attacks, much like what we saw in the 90s with traditional anti-virus tech. Not much has changed, let’s dive into the reality in security and how little these protective measures really do in the grand scheme of things. We’ll also be covering solid practices in defending against attacks, and what we should be focusing on.

Presenters:

• David Kennedy / ReL1K - Trusted Sec   as David Kennedy
  David Kennedy is the founder of TrustedSec, Binary Defense Systems, and DerbyCon. TrustedSec and Binary Defense are focused on the betterment of the security industry from an offense and a defensive perspective. David also serves as a board of director for the ISC2 organization. David was the former CSO for a Diebold Incorporated where he ran the entire INFOSEC program. David is a co-author of the book "Metasploit: The Penetration Testers Guide", the creator of the Social-Engineer Toolkit (SET), Artillery, Unicorn, PenTesters Framework (PTF), and several popular open source tools. David has been interviewed by several news organizations including CNN, Fox News, MSNBC, CNBC, Katie Couric, and BBC World News. David has also helped on the Mr. Robot TV show on hacker techniques. David is the co-host of the social-engineer podcast and on several additional podcasts. David has testified in front of Congress on two occasions on the security around government websites. David is one of the founding authors of the Penetration Testing Execution Standard (PTES); a framework designed to fix the penetration testing industry. Prior to the private sector, David worked for the United States Marine Corps and deployed to Iraq twice for intelligence related missions.

Links:

• https://wwhf18.sched.com/event/EVqd/amsi-this-is-not-the-nextgen-detection-and-prevention-you-are-looking-for
• https://infocon.org/cons/Wild West Hackin Fest/Wild West Hackin Fest - Deadwood 2018/Antimalware Scan Interface (AMSI).mp4
• https://infocon.org/cons/Wild West Hackin Fest/Wild West Hackin Fest - Deadwood 2018/Antimalware Scan Interface (AMSI).eng.srt (subtitles)

Similar Presentations:

• Black Hat USA 2016 / AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
• DeepSec 2016 „Ten“ / AMSI: How Windows 10 Plans To Stop Script Based Attacks and How Good It Does That
• Black Hat Asia 2018 / Documenting the Undocumented: The Rise and Fall of AMSI