The RETurn of AMSI patching

Hosted By
Ryan and Allison Z.
Details

Join us for our monthly meetup! This month's talk is The RETurn of AMSI patching by Gary Lobermier! AMSI patching is still an important part of my playbook, but new detections have continued to make this difficult. Difficult means inefficient, and as red teamers, we need to move fast. That's why I like researching simple but effective techniques. In this talk, we'll go over a handful of remarkably simple AMSI patches that are still effective. I don't need Hardware Breakpoints with VEH SEH techniques, or CLR Method overwrites. The reality is that simple byte patching is often enough, and we'll go over several. This session is designed for red teamers, malware developers, and security researchers looking for practical, low-effort methods to bypass AMSI and ETW without diving into overly complex evasion techniques.

Gary Lobermier is a Red Teamer and Penetration Tester. He has led numerous successful Red Team engagements and has a proven track record of identifying vulnerabilities and implementing effective security measures. Outside of his professional endeavors, Gary is passionate about music and enjoys playing guitar. He is also a dedicated cat dad and spends his free time tinkering with 3D printers to create innovative projects. When he's not at Cyber Conferences, you'll likely find Gary working remotely from his Class B Van, exploring new locations while staying connected to the cybersecurity community.

DC608
Aftershock Classic Arcade
1444 E Washington Ave · Madison, WI
FREE