A DIFFERENT KIND OF CRYPTO: CRYPTO ALGORITHMS DESIGNED FOR PAYLOAD OBFUSCATION

No ratings

Presented at blackhatsummer 2014 by

Chris Schmitt

With signature-based anti-virus, many times payloads are encrypted. However, people often use standard algorithms such as AES. This is not necessarily the best way to hide a payload, as these algorithms can generate their own signatures -- thanks to some predictable behavior like permutation tables. The goal with payload obfuscation, however, is not to encrypt data (as the cleartext payload will be decrypted at some point), but it is to hide the payload. Therefore, we have taken other crypto methods and are going to show how they can be more effective at evasion. We are also going to talk about dynamic generation of various crypto algorithms to generate polymorphic payload crypters.