Automated AV and EDR Evasion
Category: Penetration testing
Location: any
Contact:
Daniel Hulliger
In today’s pentest and red teaming engagements, AV and EDR solutions are one of the most common and annoying obstacles to gaining an initial foothold in the target systems.
Nevertheless, these solutions can usually be bypassed using sophisticated or customized malware/hacking tools. But this approach often takes a lot of time.
Objectives
The aim of the work is to automatically transform existing artifacts (source code, shellcode, binaries) in a way that they will bypass existing antivirus and EDR solutions. It is important that not only classic pattern matching but also behavioral detection is bypassed.
We are open with regard to the proposed approach, provided it contains sufficient novelty and is useful against modern AV and EDR solutions.
The secondary aim is to evaluate the AV and EDR solutions for their vulnerabilities in detecting the novel evasion strategies and to make recommendations for improvements.
Requirements
- Good understanding of malware and malware development.
- Good understanding of modern EDR techniques.
- Software development skills.
- Experience in reverse engineering.
- Mindset to learn the additional skills.