Course Summary
This class will explore the theory behind malware obfuscation, starting with an overview of Tactics, Techniques, and Procedures (TTPs) and ending with practical implementations targeting evasion of Defender and its Antimalware Scan Interface (AMSI). We will examine everything from standard variable obfuscation to control flow manipulation to data procedurization. As part of the study, we will explore how different obfuscation methods affect various data collection components such as Event Tracing for Windows (ETW), Defender, and PowerShell logs. Students will learn to build AMSI bypass techniques, to obfuscate payloads against dynamic and static signature detection methods, and about alternative network evasion methods.
- Understand the use and employment of evasion techniques
- Demonstrate the concept of least obfuscation
- Demonstrate obfuscation methodology for .NET payloads