POSTED BY: Dimitrios Glynos / 07.05.2012

Packing Heat - AthCon 2012 update

AthCon 2012 is now over and what a great event that was! Our talk this year, entitled “Packing Heat!”, described ways in which PE executables can be packed to evade AntiVirus (AV) detection during penetration tests. Specifically, the talk presented a new type of packer: one that generates metamorphic executables. Each executable generated by this type of packer both looks different on-disk and behaves differently at runtime.

The presentation went on to explain how to build such a packer today, in 9 easy steps. This was followed by a live demo of a prototype implementation and an evaluation of its generated output against the AV engines provided by VirusTotal.

The talk concluded with a discussion on static & dynamic analysis techniques that could prove useful during the automatic analysis of metamorphic malicious executables.

Below you may find the presentation slides:

  • Presentation slides (pdf)

I would like to thank the AthCon staff and sponsors for making this event possible, but also IOActive for throwing such a cool after-party!