BSides Las Vegas, Season 2014, Episode 8

Evading code emulation: Writing ridiculously obvious malware that bypasses AV

Code emulation is a technology capable of detecting malware for which no signature exists. It’s a powerful step in the right direction for client security, but it’s a long way from mature. This talk will demonstrate how the code emulation engine in Anti-Virus Guard (AVG) can be reverse engineered by progressively testing its features, and ultimately evaded. The result is a Command-and-Control (C&C) bot, in a non-obfuscated Windows shell script, that AVG and many other leading AV engines will not detect. I will propose solutions for how these code emulation environments can be improved, making the detection of zero-day malware far more successful going forward. This is not a jab against AVG, as they get enormous credit for including such a powerful tool in a free antivirus client.

English
  • Originally Aired August 5, 2014
Speaker
  • Kyle Adams (listed as Guest Star)