Skip to content

BC-SECURITY/Beginners-Guide-to-Obfuscation

Repository files navigation

Evading Detection: A Beginner's Guide to Obfuscation

Defenders are constantly adapting their security to counter new threats. Our mission is to identify how they plan on securing their systems and avoid being identified as a threat. This is a hands-on class to learn the methodology behind malware delivery and avoiding detection. This workshop explores the inner workings of Microsoft's Antimalware Scan Interface (AMSI), Windows Defender, and Event Tracing for Windows (ETW). We will learn how to employ obfuscated malware using Visual Basic (VB), PowerShell, and C# to avoid Microsoft's defenses. Students will learn to build AMSI bypass techniques, obfuscate payloads from dynamic and static signature detection methods, and learn about alternative network evasion methods.

Objectives

  • Understand the use and employment of obfuscation in red teaming.
  • Demonstrate the concept of least obfuscation.
  • Introduce Microsoft's Antimalware Scan Interface (AMSI) and explain its importance.
  • Demonstrate obfuscation methodology for .NET payloads.

Recordings

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Sponsor this project

 

Packages

No packages published