I had the opportunity to give a talk on malware obfuscation techniques this weekend at ToorCon XX, my talk was titled “Following a Trail of Confusion”. Here is the abstract:
Modern malware uses a wide variety of code obfuscation techniques to hide it’s true intentions and to avoid detection. In this talk, we’ll explore the latest in native code obfuscation techniques as well as a few techniques commonly used with interpreted languages. We will spend time discussing such methods as dynamically constructing import tables, hiding and using shellcode, packing, string obfuscation, use of virtual machines and other anti-analysis techniques. We’ll dig deep into the techniques by examining a wide variety of malware, including those used by nation-states. By the end of this talk you’ll have a technical understanding of how they work and how to defeat them!
Slides can be found here – it’s a little heavy on screenshots 🙂 Video will be linked as soon as posted.