This text will be used for the website and printed materials. In a nutshell, what your presentation will cover. Attendees will read this to get an idea of what they should know before your presentation, and what they will learn after. Use these paragraphs to tell people how technical the talk is, what tools will be used, what materials to read in advance to get the most out of your presentation. This abstract is the primary way people will be drawn to your session. Presentations that are submitted without abstracts (eg that have only ppt or white papers attached or only point to a URL) will not be considered.
Modern malware protection systems thoroughly and effectively break modern antivirus software. Simple obfuscations reduce the effectiveness of a scanner, and have been employed by malware authors to stay one step ahead of your AV software. The effect is that they are rendered useless, and you are at more risk. This talk will outline the usage of a hypervisor based deobfuscation engine that greatly improves the effectiveness of AV software. I will show how to make an end-run around some of the tricks that malware authors employ, producing better scanning results and defenses. The techniques we will show are hypervisor analysis, rebuilding imports from the Windows kernel data structures, and a new and improved original entry point detection system. Using techniques inspired by offensive rootkits, we have improved AV detection by as high as 45%.