Evasion Tactics in Malware from the Inside Out, presented at BSidesPhiladelphia 2019

by Lenny Zeltser

Summary: The session explains how malware evades detection and why specific tactics are effective in the wild. It does this in a unique way, by teaching practical skills for analyzing malware to determine how a specimen bypassed defenses. The presentation begins with a discussion of the objectives of evasion, which include bypassing anti-malware controls and staying under the radar of vendors and analysts. By understanding how evasion works and learning how to recognize its characteristics in malicious code, we can derive actionable threat intel and fortify defenses. The session continues by examining 3 types of evasion techniques: tool avoidance, memory injection, and malicious documents. The session concludes by summarizing the evasion methods and malware analysis techniques it covered, and explains how attendees can use the presentation materials to walk through the demos later in their own lab to practice these skills.