BSidesZagreb 2024 - Zhassulan Zhussupov

Published on Mar 23, 2024

BSidesZagreb 2024
March 1, 2024
Josipa Marohnića 5 (SRCE)
Zagreb, Croatia
web: https://bsideszagreb.srce.hr/

Speaker: Zhassulan Zhussupov
Subject: Malware and Cryptography

Research in the field of bypassing AV solutions and the role of cryptography in malware development. Application of classical cryptographic algorithms for encrypting payloads and C2 communication. Practical research has been carried out: the results of using the Skipjack, TEA, Madryga, RC5, A5/1, Z85, DES, MMB, Kuznechik, etc. encryption algorithms have been analysed.

The application of cryptography based on elliptic curves is also being researched. How does all this affect the VirusTotal detection score, and how applicable is it for bypassing AV solutions (AV bypass)? In some of the researched practical cases, we get FUD malware. In some practical cases, AV bypass of Kaspersky, Windows Defender and ESET NOD32. Reverse engineering and code reconstruction with malware development tricks from ransomware and malware like Conti, SnowyAmber, Paradise Ransomware, CopyKittens, etc. Discover new tricks from malware related to the Russian APT29.

Practical implementation and simulation of an APT attack and of ransomware using non-popular cryptographic algorithms. Practical reimplementation of ransomware decryptors.
