Exploring How Memory-Mapped Files Hide From AV and Execute Malicious Code

Explore advanced techniques for hiding malicious code from antivirus software using memory-mapped files in this 33-minute Black Hat conference talk. Discover how researchers have progressed beyond simply storing malicious payloads to repeatedly identifying and utilizing specific memory addresses in memory-mapped files for code execution. Learn from security experts Ben Holder and Parker Crook as they demonstrate their findings and methodologies, providing valuable insights for both offensive and defensive cybersecurity professionals. Gain a deeper understanding of this sophisticated evasion technique and its potential implications for malware detection and prevention.

MMFML: Exploring How Memory-Mapped Files Hide From AV and Execute Malicious Code