Zhassulan Zhussupov

RnD Engineer at MSSP.global, Kazakhstan

Session Title: Malware AV evasion tricks. New Cryptography in Malware

Research in the field of bypassing AV solutions and the role of cryptography in malware development. Application of classical cryptographic algorithms for payload encryption. Practical research has been carried out on the results of using the encryption algorithms TEA, Madryga, RC5, A5/1, Z85, DES, etc. The application of cryptography based on elliptic curves is also being researched. How does all this affect the VirusTotal detection score, and how applicable is it for bypassing AV solutions (AV bypass)? In some practical cases, we get FUD malware (PoC). At the time of the research, the following AV products were bypassed: Kaspersky, Windows Defender, ESET NOD32.

Cybersecurity enthusiast, CTF player.
Author of Malware development MD MZ book: https://cocomelonc.github.io/book/2022/07/16/mybook.html
Author of Websec blog: https://websec.nl/blog
HVCK magazine contributor: https://hvck-magazine.github.io/
