In this Briefing, we will review several types of known AMSI-bypass techniques and mechanisms. We will discuss existing and potential approaches to detecting those bypasses or eliminating the attack surface that makes them possible. In addition, we will suggest a new approach for research on abusing AMSI design and introduce a new, undocumented and undetected bypass technique based on patching the AMSI providers’ code rather than amsi.dll.
By: Maor Korkos
Full Abstract & Presentation Materials: www.blackhat.c...