Reporting is, by nature, only the threat actors that have been caught. What about all the ones that didn’t get caught? There is no way to examine that and It comes down to the fact that we don’t know what they did and therein lies the problem for threat emulation.
Microsoft is constantly adapting their security to counter new threats. Specifically, the introduction of the Microsoft Antimalware Scan Interface (AMSI) and its integration with Windows Defender has significantly raised the bar. In this hands-on class, we will learn the methodology behind obfuscating malware and avoiding detection. Students will explore the inner workings of Windows Defender and learn to employ AMSI bypass techniques and obfuscate malware using Visual Basic (VB) and Powershell. Then identify and evade sandbox environments to ensure the payloads are masked when arriving at the intended target. The final capstone will be tying all the concepts together.
In this workshop we will:
check Introduce AMSI and explain its importance
check Learn to analyze malware scripts before and after execution
check Understand how obfuscate code to avoid AMSI and Windows Defender
check Detect and avoid sandbox environments
