Call for round the year submissions for Rootconf in 2020

Submit a proposal at any time in the year on DevOps, infrastructure security, cloud, and distributed systems. We will find you a suitable opportunity to share your work.

Make a submission

Accepting submissions till 31 Dec 2020, 12:00 PM

## About Rootconf:

Rootconf is HasGeek’s annual conference -- and now a growing community -- around DevOps, systems engineering, DevSecOps, security and cloud. The annual Rootconf conference takes place in May each year, with the exception of 2019 when the conference will be held in June.

Besides the annual conference, we also run meetups, one-off public lectures, debates and open houses on DevOps, systems engineering, distributed systems, legacy infrastructure, and topics related to Rootconf.

This is the place to submit proposals for your work, and get them peer reviewed by practitioners from the community.

## Topics for submission:

We seek proposals -- for short and long talks, as well as workshops and tutorials -- on the following topics:

  1. Case studies of shift from batch processing to stream processing
  2. Real-life examples of service discovery
  3. Case studies on move from monolith to service-oriented architecture
  4. Micro-services
  5. Network security
  6. Monitoring, logging and alerting -- running small-scale and large-scale systems
  7. Cloud architecture -- implementations and lessons learned
  8. Optimizing infrastructure
  9. SRE
  10. Immutable infrastructure
  11. Aligning people and teams with infrastructure at scale
  12. Security for infrastructure

## Contact us:

If you have questions/queries, write to us on rootconf.editorial@hasgeek.com

Hosted by

Rootconf is a community-funded platform for activities and discussions on the following topics: Site Reliability Engineering (SRE); infrastructure costs, including cloud costs and optimization; security, including cloud security.

Vanshit Malhotra

@vanshit

ANTIVIRUS BYPASSING FOR FUN AND PROFIT

Submitted Apr 18, 2019

Why This Presentation?

Everyone uses Antivirus systems and relies on them to protect us against cyber threats. Antivirus systems are very important to us. They stand as the major protection mechanism for our computers and confidential data.

But how often do we test these systems for their capabilities?
Almost never, as these Antivirus systems are sold only based on market/industry reputation, and security staff almost never test them for their capability. If you look at it from a penetration tester's point of view, fooling Antivirus systems is quite easy and not more than a weekend job.

It took me a weekend of research to evade 57 Antivirus engines. Bypassing Antivirus vendors is a common task for malware authors.
This presentation is to motivate the Antivirus vendors and to make them aware of the techniques used by malware coders to bypass their systems. It is also meant to motivate IT security architects not to rely completely on Antivirus engines to protect the end user.

What will I be presenting?

I will be taking the most well-known and well-detected shellcode from the Metasploit framework, `shell_reverse_tcp`, and use my tricks/techniques to bypass the Antivirus engines. The shellcode will remain the same, but the way I execute it will change, simply fooling the Antivirus engines and bypassing them.

I will be using the VirusTotal website to test signature-based malware detection. It has about 52 Antivirus engines to test the malware for detection. Further, I will be testing detection by 3 Antivirus engines running on virtual machines to show heuristic/behavioural evasion and firewall bypass by the malware.

I will be bypassing Antivirus engines and their detection mechanisms (hash-based detection, signature-based detection, firewalls, heuristics and sandbox analysis).

This presentation will include plenty of live demos. So look closely.

Outline

  1. INTRODUCTION
  2. TECHNIQUES TO BYPASS ANTIVIRUS ENGINES
  3. ATTEMPT 0: USING THE METASPLOIT GENERATED EXE TEMPLATE (METASPLOIT-SIMPLE-PAYLOAD.EXE)
  4. ATTEMPT 1: USING A CUSTOM CODE TEMPLATE TO EXECUTE THE SHELLCODE (CUSTOM1.EXE)
  5. ATTEMPT 2: FINDING LOOPHOLES IN THE VIRTUALIZATION SYSTEM OF THE ANTIVIRUS ENGINES TO EXECUTE THE SHELLCODE (VIRT_BY_REV.EXE)
  6. ATTEMPT 3: ENCRYPTING THE SHELLCODE (CUSTOMENC.EXE) AND ADDING SLEEP CALLS AND NOPS TO EVADE EMULATORS (CUSTOMENCSL.EXE)
  7. ATTEMPT 4: ADDING NOPS AND HEX EDITING (ENCODNP_XR.EXE) WITHOUT ANY FUNCTIONALITY LOSS
  8. ATTEMPT 5: CODE INJECTION (REMOTE_XOR_NETSTAT_GETPROC_SLEEP.EXE)
  9. ATTEMPT 6: GHOST-WRITING AND USING METAMORPHIC CODE TO BYPASS ANTIVIRUS AND HEURISTIC DETECTION (FINAL.EXE)
  10. Q/A

IMP: There will be lots of live demos for every step of Antivirus bypassing.

Speaker bio

Cyber Security Speaker | Consultant | Researcher | Trainer | Instructor | Mentor

Vanshit Malhotra has been a Cyber Security Researcher for more than 8 years and possesses knowledge in all aspects of IT security testing and implementation, with expertise in solution building for large organisations, managing cross-cultural teams, and planning and execution of security needs beyond national boundaries. He is a cyber security specialist, passionate about hacking, more for the intellectual challenge, curiosity and adventure.

Vanshit Malhotra has been an investigator of industrial espionage, insider threats and numerous cyber crimes. He has also authored numerous published research papers, articles and blogs. He is a sought-after public speaker and Cyber Security Researcher, presenting his research at many international security conferences such as "HACKON-2016", "HACKTECH 2017", "National Cyber Safety and Security Standards (NCDRC) 2017", "c0c0n X 2017", "HAKON 2017" and "OWASP Seasides 2019".

In his current profile, he leads a team of super specialists in cyber security to protect various clients from cyber security threats and network intrusion by providing the necessary solutions and services to institutions and organisations.
