DEF CON 30 - Kyle Avery - Avoiding Memory Scanners - Customizing Malware to Evade YARA, PE-sieve
Tired of obfuscating strings and recompiling to break signatures? Wish you could keep PE-sieve from ripping your malware out of memory? Interested in learning how to do all of this with your existing COTS or private toolsets? For years, reverse engineers and endpoint security software have used memory scanning to locate shellcode and malware implants in Windows memory. These tools rely on IOCs such as signatures and unbacked executable memory. This talk will dive into the various methods in which memory scanners search for these indicators and demonstrate a stable evasion technique for each method. A new position-independent reflective DLL loader, AceLdr, will be released alongside the presentation and features the demonstrated techniques to evade all of the previously described memory scanners. The presenter and their colleagues have used AceLdr on red team operations against mature security programs to avoid detection successfully. This talk will focus on the internals of PE-sieve, MalMemDetect, Moneta, Volatility malfind, and YARA to understand how they find malware in memory and how malware can be modified to fly under their radar consistently.

DEF CON 32 - Defeating EDR Evading Malware with Memory Forensics - Case, Sellers, Richard, et al.

DEF CON 30 - James Kettle - Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling

Fun with Shellcode (Loaders)

How Hackers Hide From Memory Scanners

DEF CON 30 - Sam Bent - Tor - Darknet Opsec By a Veteran Darknet Vendor

DEF CON 30 - Joseph Ravichandran - The PACMAN Attack: Breaking PAC on Apple M1 with Hardware Attacks

MalDev and Syscalls and BOFs, Oh My!

DEF CON 30 - Nikita Kurtin - Bypassing Android Permissions From All Protection Levels

Claude is your insider threat now - Dan Tentler - Security Fest 2026

Attacking AI - Jason Haddix - NDC Security 2026

New Memory Forensics Techniques to Defeat Device Monitoring Malware

Cybersecurity Architecture: Five Principles to Follow (and One to Avoid)

DEF CON 30 - Roger Dingledine - How Russia is trying to block Tor

DEF CON 30 - Michael Bargury - No-Code Malware - Windows 11 at Your Service

DEF CON 30 - Lennert Wouters - A Black-Box Security Evaluation of SpaceX Starlink User Terminal

CrikeyCon 2019 - Christopher Vella - Reversing & bypassing EDRs

DEF CON 30 - Omri Misgav - Running Rootkits Like A Nation-State Hacker

DEF CON 33 - Cash, Drugs, and Guns - Why Your Safes Aren't Safe - Mark Omo, James Rowley

#HITB2022SIN EDR Evasion Primer For Red Teamers - Jorge Gimenez & Karsten Nohl

