Windows Defender - Demystifying and Bypassing ASR by Understanding the AV's Signatures

Black Hat via YouTube

Signature format

18 of 28

Classroom Contents

  1. Intro
  2. ASR: Attack Surface Reduction
  3. Journey
  4. Windows Defender 101
  5. Exploring WD internals
  6. WD: instrumentation
  7. Test your skills!
  8. Hunting for ASR rule implementation
  9. Windows Defender signatures
  10. Reading LUA scripts
  11. ASR: Implementation?
  12. ASR implementation. 2 way
  13. ASR Test Tool: implementation
  14. ASR: working test
  15. ASR: exclusion
  16. ASR: additional bypass
  17. ASR: oddities
  18. Signature format
  19. Signatures modules
  20. Specifics Threat
  21. Signature: LUA
  22. Signature: DBVAR
  23. Signatures: update
  24. Update rhythm
  25. Update: oddities
  26. Update: diffing - Friendly Files
  27. Update diffing: C&C
  28. Update diffing: unnecessary changes
