Shopping Cart

No products in the cart.

Loading Events

« All Events

  • This event has passed.

Anti-Cast: Tales of AV/EDR Bypass – Double Feature with Greg Hatcher and John Stigerwalt

October 11, 2023 @ 12:00 pm 1:00 pm EDT

First Showing:
Delve into the realm of compiler tactics to navigate AV and EDR safeguards. Discover the potential of Cobalt Strike payloads to sidestep these security measures. Explore compilers like Clang++, LLVM, and G++, showcasing their role in reshaping security strategies.

By showcasing submissions aimed at diverse vendors, underscore the simplicity with which this shift can reintroduce invisibility to payloads. You’ll get sample code, enabling you to explore these strategies on your own.

Second Showing:
Shellcode loaders evolution has been interesting, however, some AV/EDR products have begun detecting the usage of direct and indirect syscalls in malware.

But what if we didn’t hard-code syscalls or even jump to a syscall region? This presentation is a deep dive into using a specific set of Windows callbacks working within their own thread pools.

Attendees should expect to learn how to call Windows APIs using ROP gadgets, basics of ROP, and why current detection mechanisms won’t work against this attack. This is the next evolution of calling Windows APIs in malware. 

Chat with your fellow attendees in the Antisyphon Discord server:
https://discord.gg/antisyphon
in the #🍿anticasts-chat channel

Stay up to date on our upcoming live Anti-Casts and more at https://poweredbybhis.com