BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.nsec.io//2024//8SHLGV
BEGIN:VTIMEZONE
TZID:EST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T070000Z
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T080000Z
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-2024-DMJEK9@cfp.nsec.io
DTSTART;TZID=EST:20240517T134500
DTEND;TZID=EST:20240517T141500
DESCRIPTION:Malware development and evasion techniques are becoming more di
 fficult each day. EDRs are implementing signature-based detection\, behavi
 our-based detection\, as well as entropy-based detection techniques. Shell
 code is often encoded/encrypted which can cause payloads to have high entr
 opy (randomness)\, therefore being detected and blocked by EDRs.\n \nThis 
 presentation is the journey of a red teamer - improving their tools with s
 imple techniques and learning about evasion and Windows internals along th
 e way. \n\nThrough this talk\, we will review the high-level theory behind
  evasion and present unique approaches to evasion techniques\, including e
 ntropy reduction and shellcode callbacks. We will present a novel tool to 
 reduce entropy via dictionary word shellcode encoding\, and use Windows ca
 llback functions to launch our shellcode.\n\nFurthermore\, an overview of 
 detecting these novel techniques will be discussed to help blue teamers in
  their jobs. Detection methods discussed include using YARA rules\, ETW\, 
 and PE file memory scanners.\n\nParticipants will benefit from this talk i
 n many ways. Red teamers can now immediately benefit from the tool\, which
  is publicly released\, along with C#/C++ Code samples. And Blue teamers c
 an learn how to better detect these advanced techniques.
DTSTAMP:20260311T220950Z
LOCATION:Ville-Marie
SUMMARY:Simplified Malware Evasion - Entropy and other Techniques - Will Su
 mmerhill
URL:https://cfp.nsec.io/2024/talk/DMJEK9/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-2024-H9XCML@cfp.nsec.io
DTSTART;TZID=EST:20240517T143000
DTEND;TZID=EST:20240517T150000
DESCRIPTION:Q&A Discussion for the red team block.
DTSTAMP:20260311T220950Z
LOCATION:Ville-Marie
SUMMARY:Red Team Q&A - Laurent Desaulniers\, Will Summerhill\, Charles F. H
 amilton (Mr.Un1k0d3r)
URL:https://cfp.nsec.io/2024/talk/H9XCML/
END:VEVENT
END:VCALENDAR