Talk

Why so optimized?

April 25, 13:30 (CAMPUS)

In the ever-evolving landscape of cybersecurity, attackers are continuously exploring innovative techniques to outsmart security products and their detection mechanisms. This presentation offers a comprehensive exploration into a novel approach – the de-optimization of compiler-generated machine code instructions – to bypass security products without resorting to conventional evasion techniques.

The talk delves into how mathematical methods such as arithmetic partitioning, logical inverse, polynomial distribution, and logical partitioning can be used to re-create the target binary by transforming its instructions. Through these mathematical approaches, the speaker demonstrates the capability to mutate or transform approximately 95% of the instructions, presenting a significant challenge to traditional static rule-based detection mechanisms employed by security products.

Notably, this presentation introduces a paradigm shift by showcasing the effectiveness of de-optimization tricks in circumventing security measures without the reliance on self-modifying code and Read-Write-Execute (RWE) memory regions. Attendees will gain a deep understanding of the intricacies involved in the de-optimization process and how these techniques can be strategically employed to evade detection.

Speaker

Ege Balci

Ege BALCI is a dedicated cyber security researcher who is currently working as Threat Intelligence Division Manager at PRODAFT. His main research areas include malware anti-detection, de-anonymization, exploit development, and reverse engineering. Throughout his career, Ege has successfully reported critical threats and vulnerabilities to large vendors, conducted multiple threat intelligence operations across the world, and taken a critical part in multiple forensic investigations. Additionally, he is an active member of the open-source community and has authored and contributed to various offensive security projects, such as Metasploit and Sliver. Ege is also a frequent speaker at several globally recognized cyber security conferences, including BotConf, HackInParis, Confidence, NopCon, Hackerconf, and more. His contributions to the industry have been recognized and appreciated by his peers.
