Symposium sur la sécurité des technologies de l'information et des communications

Conférence francophone sur le thème de la sécurité de l'information.
Elle a eu lieu à Rennes du 4 au 6 juin 2014.

Catch Me If You Can - A Compilation Of Recent Anti-Analysis In MalwareMarion Marschalek

Date : 04 juin 2014 à 16:45 — 45 min.

Malware versus analyst is an ongoing war for about more than a decade. In a time where persistance is a vital part of any advanced threat the art of evasion from detection, analysis and dissection is crucial. This talk aims to provide insight in some of the latest techniques spotted in in-the-wild malware of the everyday battle field, including Upatre, Miuref and Citadel. Presented techniques vary from breakpoint detection, heap structure abuse to full blown Visual Basic crypters and adequate countermeasures to aid the analyst's chances in the combat.