Red Team
AMSI patching is still an important part of my playbook, but new detections have continued to make this difficult. Difficult means inefficient, and as red teamers, we need to move fast. That's why I like researching simple but effective techniques. In this talk, we'll go over a handful of remarkably simple AMSI patches that are still effective. I don't need Hardware Breakpoints with VEH SEH techniques, or CLR Method overwrites. The reality is that simple byte patching is often enough, and we'll go over several. This session is designed for red teamers, malware developers, and security researchers looking for practical, low-effort methods to bypass AMSI and ETW without diving into overly complex evasion techniques.
Gary Lobermier is a Red Teamer and Penetration Tester. He has led numerous successful Red Team engagements and has a proven track record of identifying vulnerabilities and implementing effective security measures. Outside of his professional endeavors, Gary is passionate about music and enjoys playing guitar. He is also a dedicated cat dad and spends his free time tinkering with 3D printers to create innovative projects. When he's not at Cyber Conferences, you'll likely find Gary working remotely from his Class B Van, exploring new locations while staying connected to the cybersecurity community.
We proudly present SecretCon, an entirely unparalleled conference for the state of Minnesota, built for our new digital reality. This conference is dedicated to the many specialties of our hacker, cybersecurity, and privacy community. We have taken it upon ourselves to construct a conference that not only embraces our past, but also looks to the future. Join us!