SANS Cyber Defense Initiative® 2020 Live Online: 30+ Interactive Courses | Virtual NetWars Tournaments. Save $300 thru 11/18


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

How to write malware that evades detection

  • Tuesday, March 27, 2018 at 3:30 PM EDT (2018-03-27 19:30:00 UTC)
  • Adrian Taylor, Alissa Torres


  • Bromium

You can now attend the webcast using your mobile device!



Detection-based security tools don't work. Firewalls, sandboxes, anti-virus, NGAV and EDR these popular solutions all rely on detection, yet malware continues to slip through.

What does it take to fool them all? We'll look at the malware that's bypassing detection, from the painfully basic and obvious techniques to polymorphic innovation. We will take a deep dive on three obfuscation techniques and see how long they lasted in the malware field before the detection products started to spot them.

Bromium uses virtualization-based security to isolate and capture malware in a micro-virtual machine. Hardware-enforced application isolation allows the malware to fully execute, whether or not detection engines can spot it.

Speaker Bios

Alissa Torres

Alissa Torres is a SANS analyst and certified SANS instructor specializing in advanced computer forensics and incident response (IR). She has extensive experience in information security in the government, academic and corporate environments. Alissa has served as an incident handler and as a digital forensic investigator on an internal security team. She has taught at the Defense Cyber Investigations Training Academy (DCITA), delivering IR and network basics to security professionals entering the forensics community. A GIAC Certified Forensic Analyst (GCFA), Alissa holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+ certifications.

Adrian Taylor

Adrian has a background in mobile and systems engineering. He joined Bromium in 2012; in that time, he's had responsibility for the process by which our VM images are built, future platforms and our management suite. More recently, he's managed the forensic introspection of Bromiumís VMs and monitoring product suite.

Outside work, Adrian likes to hide his nerdy interests in science and space by pretending to like mountain biking, rock climbing and snowboarding.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.