Andrew King is a recent graduate. He has been a hobbyist for many years, but has only recently tried to transition into information security as a job field. A previous talk was given at ToorCon on polymorphism as it relates to definitions. He wrote a set of articles demonstrating implementation of simple internal to function encoding and decoding. Additional code will be released to demonstrate automation of binary patching to use this method without using a debugger. It is not a fully functional evasion tool, but it does demonstrate pushing this level of obfuscation into a more automated arena. Adding a couple of small code sections could turn this in to a usable evasion tool. Twitter: @aking1012
Appearing at: