Black Hat Briefings, USA 2007 [audio] Presentations From The Security Conference.

Nick Harbour: Stealth Secrets of the Malware Ninjas



It is important for the security professional to understand the techniques used by those they hope to defend against. This presentation focuses on the anti-forensic techniques which malware authors build into their malicious code itself, as opposed to relying solely on an external rootkit. In addition to describing a number of known but scarcely documented techniques, this presentation will describe techniques which, in the presenter's experience with incident response and malware reverse engineering, have never been observed in the wild. This presentation will also demonstrate a new technique for executing a malicious program directly from memory under Unix. A new technique for avoiding entropy detection of packed or encrypted executables will also be discussed. This presentation will contain a great deal of highly technical content which covers the specifics of the techniques down to the machine instruction level. For the security professional/enthusiast with a limited technical background in this area, this prese
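The abstract mentions entropy detection of packed or encrypted executables, the check that the talk's evasion technique is aimed at. As an added example (not code from the talk or from the presenter), the following Python computes Shannon entropy over sliding windows of a byte buffer and reports the high-entropy regions that a packed or encrypted payload typically produces; the sample buffers are constructed here with a SHA-256 chain standing in for encrypted data and a repeating byte pattern standing in for ordinary code, and the window size and 7.0-bit threshold are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def windowed_entropy(data: bytes, window: int = 512, step: int = 256):
    """Yield (offset, entropy) for each window of `window` bytes, advancing by `step`."""
    last_start = max(len(data) - window, 0)
    for off in range(0, last_start + 1, step):
        yield off, shannon_entropy(data[off:off + window])


def flag_high_entropy_regions(data: bytes, threshold: float = 7.0,
                              window: int = 512, step: int = 256):
    """Return merged (start, end) byte ranges whose windows meet the entropy threshold.

    Packed or encrypted sections look close to random (entropy near 8 bits/byte);
    ordinary machine code and data sit well below that, so contiguous windows
    above the threshold are a cheap first-pass indicator of a hidden payload.
    """
    regions = []
    for off, h in windowed_entropy(data, window, step):
        if h >= threshold:
            end = min(off + window, len(data))
            if regions and off <= regions[-1][1]:       # overlaps/touches previous hit: merge
                regions[-1] = (regions[-1][0], end)
            else:
                regions.append((off, end))
    return regions


def high_entropy_fraction(data: bytes, **kw) -> float:
    """Fraction of the buffer covered by flagged regions (0.0 .. 1.0)."""
    if not data:
        return 0.0
    covered = sum(end - start for start, end in flag_high_entropy_regions(data, **kw))
    return covered / len(data)


def pseudo_random_bytes(n: int, seed: bytes = b"constructed sample") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain); stands in for an encrypted payload."""
    out, h = bytearray(), seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out.extend(h)
    return bytes(out[:n])


# Constructed samples, not real binaries.
# 64 distinct byte values repeating evenly gives exactly 6.0 bits/byte of entropy.
CODE_LIKE = bytes(range(64)) * 32                      # 2048 bytes, low entropy
PAYLOAD_LIKE = pseudo_random_bytes(2048)               # 2048 bytes, near-random
SAMPLE = CODE_LIKE + PAYLOAD_LIKE + CODE_LIKE          # "stub | encrypted body | stub"


def describe(data: bytes) -> str:
    regions = flag_high_entropy_regions(data)
    return "high-entropy regions %s, covering %.0f%% of the file" % (
        regions, 100 * high_entropy_fraction(data))


if __name__ == "__main__":
    print("code-like buffer:", describe(CODE_LIKE))
    print("mixed sample:    ", describe(SAMPLE))
```

The flagged range for `SAMPLE` brackets the 2048-byte pseudo-random payload in the middle of the buffer, while the plain repeating buffer produces no hits. Entropy is only a heuristic: the abstract itself announces a technique for defeating it, so a practitioner should treat a high-entropy region as one signal to correlate with others rather than as a verdict.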