Techniques of Impeding Malware Detection and Analysis in PHP Scripts
Author: Grigory Zemskov
The talk addresses the main techniques malware developers use to hinder detection and analysis of their scripts: multiple encryption, obfuscation, code hiding, “mimicry”, hidden PHP function calls, etc. For each method, the speaker will consider scanner detection techniques and the difficulties of implementation and identification (illustrated with examples). A list of tools for identification and reverse engineering will also be provided.
Grigory Zemskov is an information security specialist and the head of Revisium. He architected and developed the AI-Bolit malware scanner. He graduated from the Nizhny Novgorod State Technical University, specializing in automatic control systems. Previously he worked as Senior Developer at Tecom Group and Lead Architect at Teleca Russia.