PIC Your Malware

Explore advanced techniques for building and concealing custom offensive tools in this 45-minute conference talk from BruCON Security Conference. Delve into the world of operational security for red teamers and threat actors, learning how to stay ahead of blue team defenses. Examine popular PE loading techniques like Reflective DLLs and Donut/sRDI, and discover how position independent code (PIC) can be leveraged to avoid detectable memory artifacts. Gain insights into automated payload building and protection using a build server supporting multiple file formats and environmental crypting. Understand how defenders utilize exhaustive logging and Windows event correlation to identify malicious processes, and learn countermeasures such as handle duplication and custom PE loaders to evade Sysmon events. Enhance your knowledge of cutting-edge malware development and evasion strategies to improve your red teaming capabilities.

05 - BruCON 0x0D - PIC Your Malware! - Ben Heimerdinger and Sebastian Feldmann