Announcement

Collapse
No announcement yet.

Workshop Information: Introduction to Sandbox Evasion and AMSI Bypasses

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Workshop Information: Introduction to Sandbox Evasion and AMSI Bypasses

    Title: Introduction to Sandbox Evasion and AMSI Bypasses

    Instructor: Anthony “C01И” Rose, Jacob “Hubble” Krasnov, and Vincent "Halycon" Rose

    Abstract: Microsoft is constantly adapting their security to counter new threats. Specifically, the introduction of the Microsoft Antimalware Scripting Interface (AMSI) and its integration with Windows Defender has significantly raised the bar. In this hands-on class, we will learn the methodology behind obfuscating malware and avoiding detection. Students will explore the inner workings of Windows Defender and learn to employ AMSI bypass techniques and obfuscate malware using Visual Basic (VB) and Powershell. Then identify and evade sandbox environments to ensure the payloads are masked when arriving at the intended target. The final capstone will be tying all the concepts together.

    In this workshop we will:

    1. Introduce AMSI and explain its importance
    2. Learn to analyze malware scripts before and after execution
    3. Understand how obfuscate code to avoid AMSI and Windows Defender
    4. Detect and avoid sandbox environments

    Level: Beginner

    Pre-Requisites: None

    Required Materials: Students will need a laptop with VMWare or Virtualbox (installed and working).

  • #2

    Hello,
    I'm a PhD professor at The University of Virginia and McGaw Medical Center of Northwestern University.
    Just in case some students are looking for pdf materials:
    https://media.defcon.org/DEF%20CON%2...sion-Notes.pdf

    Comment

    Working...
    X