Mohamed Bedewi

DTS Solution - Senior Security Researcher and Penetration Tester

Senior Security Researcher and Penetration Tester at DTS Solution with more than 13 years of technical experience. He has worked with sensitive governmental entities, banks, colleges, major telecommunication providers, power and energy providers, and transportation authorities. His main areas of interest are web application security, SCADA/ICS penetration testing, application exploitation, social engineering and physical security. Expert in almost every operating system, with a deep and detailed understanding of all 7 OSI layers, a Unix and Linux user with years of in-depth technical experience, a malicious coder, an exploitation ninja capable of turning a very simple vulnerability into a nightmare. Stealthy by default: even if you have the latest security mechanisms in place, you’ll always find him lurking around looking for new vulnerabilities and exploits!

Crafting the Unavoidable

“Binary execution is one of the most reliable ways to compromise a system, but not the most covert one, since executables are suspicious by reputation, and antiviruses and other host security controls will always inspect them for malicious functions by signature and/or behavior.

Over time, there have been quite a few creative attempts to lure innocent end-users into executing harmful binaries, for example social engineering, but luckily most of these attempts fail in the face of basic user awareness and a solid host security control.

In this presentation I will explain how modern antiviruses really work and how easy it is to trick and bypass them from the lowest possible level. I will also highlight the process of manually injecting the most evil payloads into the most innocent files while bypassing the strictest security controls.”

Presentation @DefCamp 2016