Simon Howard: Race-2-Zero Unpacked

Published: Oct. 24, 2006, 9:28 p.m.

Signature-based antivirus is dead, and we want to show you just how dead it is. This presentation will detail our findings from running the Race-2-Zero contest during DC16. The contest involves teams or individuals being given a sample set of malicious programs to modify and upload through the contest portal. The portal passes the modified samples through a number of antivirus engines and determines if the sample is a known threat. The first to pass their sample past all antivirus engines undetected wins that round. Each round increases in complexity as the contest progresses.

Topics covered will include:

An overview of the multi-AV engine interface
Mutation / obfuscation techniques
Statistical analysis of the time taken to circumvent various products
Different approaches used by contestants
Were viruses or exploits easier to obfuscate?

Prize-giving ceremony with celeb judging panel... prizes will be awarded for:

The most elegant solution
Comedy value
Dirtiest hack
... and most deserving of a beer

Simon Howard

With a penchant for black t-shirts, jeans and the lyrical styling of Pantera, Simon has been touching computers ever since he can remember.