Obfuscation and Polymorphism in Interpreted Code

by Kristopher L. Russo
Sept. 1, 2017 | SANS Institute | active defense

Malware research has operated primarily in a reactive state to date, but it will need to become more proactive to bring malware time-to-detection down to acceptable levels. Challenging researchers to begin creating their own code that defeats traditional malware detection will help bring about this change. This paper demonstrates a sample code framework that is easily and dynamically expanded on. It shows that malware researchers can proactively mock up new threats and analyze them to test and improve malware mitigation systems. The code sample documented within demonstrates that modern malware mitigation systems are not robust enough to prevent even the most basic of threats; the significant amount of difficult-to-detect malware in circulation today is evidence of this deficiency. This paper is designed to demonstrate how malware researchers can approach this problem by partnering with vendors in a way that follows code development fro...


negrii_irina88 7 months, 3 weeks ago

I know that polymorphism is often used in code obfuscation to increase the difficulty of reversing a program to its original state ...malware researchers have a good start on approaching this issue