One Packer to Rule Them All
Offered By: BruCON Security Conference via YouTube
Course Description
Overview
Explore a comprehensive conference talk that delves into the effectiveness of popular antivirus solutions against unknown and obfuscated malware. Discover empirically-derived results revealing the varying implementations of detection methods across different products, highlighting the disparity between x86 and x64 malware detection capabilities. Learn about the three main stages of malware detection: static detection, code emulation detection, and runtime detection. Gain insights into new generic evasion techniques for each stage, implemented through an advanced, dedicated packer. Examine two novel packing methods developed to evade antivirus detection. Understand how combining multiple evasion techniques can render high-detection-rate malicious executables completely undetectable by antivirus products.
Syllabus
BruCON 0x06 - One packer to rule them all - Arne Swinnen & Alaeddine Mesbahi
Taught by
BruCON Security Conference
Related Courses
Computer Security - Stanford University via Coursera
Cryptography II - Stanford University via Coursera
Malicious Software and its Underground Economy: Two Sides to Every Story - University of London International Programmes via Coursera
Building an Information Risk Management Toolkit - University of Washington via Coursera
Introduction to Cybersecurity - National Cybersecurity Institute at Excelsior College via Canvas Network