Thursday 4 October 11:30 - 12:00, Red room
Alexei Bulazel (ForAllSecure)
Windows Defender's MpEngine.dll implements the core of Defender's anti-virus functionality in an enormous ~11MB, 45,000+ function DLL.
Attendees will take away insights as to how reverse engineers might approach their emulators, the sort of intuition about an attack surface that a vulnerability researcher might bring to this analysis, and ultimately how they might better protect against researchers like me in the future.
Alexei Bulazel is a security researcher at ForAllSecure. He has previously presented at research on reverse engineering anti-virus software at venues such as Black Hat, REcon, and ShmooCon, among others; and has published scholarly work on evasive malware techniques at USENIX WOOT and ROOTS. A graduate of Rensselaer Polytechnic Institute (RPI) and a proud alumnus of RPISEC, Alexei completed his M.S. under Dr Bülent Yener.
Martijn Grooten (Virus Bulletin)
Axelle Apvrille (Fortinet)
Minseok (Jacky) Cha (AhnLab)