Wednesday, June 16, 2010
Ultimate toString() override
As shown in my last talk on malware analysis, automatic malware detectors could be easily beaten by detecting their emulation layer. For example, malware could always use the Function.toString() method to check whether any function has been emulated by the sandbox. Today I raise the bar a little - we'll switch the toString() method in a way that is significantly harder for malware authors to detect.