BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Antisyphon Training - ECPv6.15.20//NONSGML v1.0//EN
CALSCALE:GREGORIAN
METHOD:PUBLISH
X-WR-CALNAME:Antisyphon Training
X-ORIGINAL-URL:https://www.antisyphontraining.com
X-WR-CALDESC:Events for Antisyphon Training
REFRESH-INTERVAL;VALUE=DURATION:PT1H
X-Robots-Tag:noindex
X-PUBLISHED-TTL:PT1H
BEGIN:VTIMEZONE
TZID:America/New_York
BEGIN:DAYLIGHT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
TZNAME:EDT
DTSTART:20220313T070000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
TZNAME:EST
DTSTART:20221106T060000
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
TZNAME:EDT
DTSTART:20230312T070000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
TZNAME:EST
DTSTART:20231105T060000
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
TZNAME:EDT
DTSTART:20240310T070000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
TZNAME:EST
DTSTART:20241103T060000
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTART;TZID=America/New_York:20231011T120000
DTEND;TZID=America/New_York:20231011T130000
DTSTAMP:20260505T050411
CREATED:20240910T163250Z
LAST-MODIFIED:20240910T163251Z
UID:10000632-1697025600-1697029200@www.antisyphontraining.com
SUMMARY:Anti-Cast: Tales of AV/EDR Bypass - Double Feature with Greg Hatcher and John Stigerwalt
DESCRIPTION:First Showing: Delve into the realm of compiler tactics to navigate AV and EDR safeguards. Discover the potential of Cobalt Strike payloads to sidestep these security measures. Explore compilers like Clang++\, LLVM\, and G++\, showcasing their role in reshaping security strategies. \n\n\n\nBy showcasing submissions aimed at diverse vendors\, underscore the simplicity with which this shift can reintroduce invisibility to payloads. You’ll get sample code\, enabling you to explore these strategies on your own. \n\n\n\nSecond Showing: The evolution of shellcode loaders has been interesting. However\, some AV/EDR products have begun detecting the usage of direct and indirect syscalls in malware. \n\n\n\nBut what if we didn’t hard-code syscalls or even jump to a syscall region? This presentation is a deep dive into using a specific set of Windows callbacks working within their own thread pools. \n\n\n\nAttendees should expect to learn how to call Windows APIs using ROP gadgets\, basics of ROP\, and why current detection mechanisms won’t work against this attack. This is the next evolution of calling Windows APIs in malware. \n\n\n\nChat with your fellow attendees in the Antisyphon Discord server: https://discord.gg/antisyphon in the #🍿anticasts-chat channel \n\n\n\nStay up to date on our upcoming live Anti-Casts and more at https://poweredbybhis.com
URL:https://www.antisyphontraining.com/event/anti-cast-tales-of-av-edr-bypass-double-feature-with-greg-hatcher-and-john-stigerwalt/
CATEGORIES:Anti-Cast
ATTACH;FMTTYPE=image/png:https://www.antisyphontraining.com/wp-content/uploads/2024/09/Tales-of-AV_EDR-Bypass-Double-Feature_Greg-Hatcher-John-Stigerwalt.png
END:VEVENT
END:VCALENDAR