First Showing:
Delve into the realm of compiler tactics to navigate AV and EDR safeguards. Discover the potential of Cobalt Strike payloads to sidestep these security measures. Explore compilers like Clang++, LLVM, and G++, showcasing their role in reshaping security strategies.
By showcasing submissions aimed at diverse vendors, underscore the simplicity with which this shift can reintroduce invisibility to payloads. You’ll get sample code, enabling you to explore these strategies on your own.
Second Showing:
Shellcode loaders evolution has been interesting, however, some AV/EDR products have begun detecting the usage of direct and indirect syscalls in malware.
But what if we didn’t hard-code syscalls or even jump to a syscall region? This presentation is a deep dive into using a specific set of Windows callbacks working within their own thread pools.
Attendees should expect to learn how to call Windows APIs using ROP gadgets, basics of ROP, and why current detection mechanisms won’t work against this attack. This is the next evolution of calling Windows APIs in malware.
Chat with your fellow attendees in the Antisyphon Discord server:
https://discord.gg/antisyphon
in the #🍿anticasts-chat channel
Stay up to date on our upcoming live Anti-Casts and more at https://poweredbybhis.com