Obfuscation Reloaded: Modern Techniques for Evading Detection
Event description
Level of Instruction: Intermediate
Instructed by: Jake "Hubble" Krasnov, Vincent "Vinnybod" Rose, Gannon "Dorf" Gebauer, Rey "Privesc" Bango
Abstract:
As defenders evolve with more sophisticated detection strategies, red teamers must innovate to remain effective. This intermediate hands-on workshop delves into modern obfuscation techniques, bypass strategies, and OPSEC considerations that reflect the current threat landscape. Participants will explore how Microsoft's Antimalware Scan Interface (AMSI), Defender, and Event Tracing for Windows (ETW) are being leveraged by defenders and how to navigate around them.
You'll walk away with an understanding of the real-world effectiveness of techniques like string encryption, runtime compilation, and sandbox evasion, and of how minimalistic evasion ("least obfuscation") helps evade both machine-learning and heuristic-based detections. Attendees will use PowerShell, C#, and open-source tooling to build and test evasive payloads in a lab setting.
In this workshop, attendees will:
1. Learn to identify and break static and dynamic detection signatures.
2. Employ least-obfuscation strategies and runtime evasion.
3. Build AMSI and ETW bypasses using up-to-date PowerShell and C# techniques.
4. Understand P/Invoke and API hooking.
5. Evaluate how defenders log and detect activity and design code to stay under the radar.