DESCRIPTION
In 2014 I released a paper about bypassing the Antivirus emulator mechanism. You can find the original paper here: https://blog.sevagas.com/IMG/pdf/BypassAVDynamics.pdf
This paper had a lot of traction (it even ended up on Wikileaks).
I would like to make a 10-years-later follow-up to this paper: show which bypass techniques still work and which do not, and show new techniques I found recently. We will also discuss the overall use of dynamic analysis by AV and EDR products and discuss which ones do it best.
WHY THE COMMITTEE CHOSE THIS TALK
Visibility is key for the defenders. The attackers try not to be seen. It is essential for all security staff to know the current state of the craft.
SPEAKER