Antivirus / Antimalware solutions on the endpoint are a staple in any organization’s security strategy. Their ability to detect and isolate malicious code is critical with phishing attacks being so prevalent. Antivirus vendors have worked to improve detection engines well beyond the legacy signature-based detection methods, but the bad guys have a distinct advantage: they can test their wares against the good guys and come up with techniques to avoid detection.
Obfuscation and evasive techniques are rampant within attacks on an endpoint. From hiding code within Office or PDF documents, to malicious HTML code, to screensaver files, to encoding malicious scripts, the bad guys will go to any length to see their efforts pay off in the form of a successful attack.
In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia takes my seat in this webcast, discussing the ongoing battle between AV vendors and cybercriminal techniques. Topics will include:
- The need to obfuscate: Why the bad guys must hide their efforts to be successful
- Where obfuscation and evasion play a role in an attack kill chain
- Real-world attack examples
- Mapping these attack techniques to the MITRE ATT&CK Framework
Nick will be joined by Ed Murphy, Senior Manager, Product Management, Security Business Unit at VMware, who will discuss why traditional AV can't keep up with the changing face of attack tactics and provide deep dive examples of obfuscation and evasion, including:
- Malicious code injection into a known-good process
- Using known-good processes to spawn a malicious child process
- Encoding scripts into unreadable and seemingly benign text
- Living off the land using PowerShell to deliver ransomware
This real-training-for-free event will be jam-packed with technical detail and real-world application. Register today!