11.12.2024
Hiding Payloads in Plain .text

About the webinar

We’re excited to have Moritz Thomas lead this session, after showcasing this topic at DEF CON and x33fcon.

This isn’t just another payload obfuscation talk – it’s the story of how we solved a real-world challenge: evading advanced EDRs during an assessment.

What you’ll learn

  • Live demos, including binary analysis with Ghidra
  • What is Shannon entropy, and how do EDRs use it for detection?
  • How we hid stageless payloads in the PE/COFF .text section
  • How our custom open-source tool reduces file entropy to evade detection

Why attend?
Modern AV and EDR systems use a wide range of detection measures, one of which turned out to be simple yet annoying during our red team engagements: Shannon entropy. Learn how this measure is used by AVs and EDRs and how we came up with an innovative way of bypassing it. Moritz will walk you through x86-64 assembly, binary Shannon entropy, and reverse engineering techniques in a practical and engaging way.
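To make the detection side of this concrete, here is an added example (not code from the webinar or from NVISO's tool) of the kind of Shannon entropy check an AV or EDR can run over a file: entropy in bits per byte for the whole buffer and per fixed-size window, with windows above a threshold flagged. The threshold, window size and sample buffers are assumptions chosen for illustration.

```python
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0).

    Packed, compressed or encrypted data approaches 8.0; plain text and
    ordinary machine code sit well below that.
    """
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_windows(data: bytes, window: int = 256) -> list[tuple[int, float]]:
    """Entropy of each consecutive fixed-size window as (offset, bits) pairs."""
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, len(data), window)]


def flag_high_entropy(data: bytes, threshold: float = 7.0, window: int = 256) -> list[int]:
    """Offsets of windows whose entropy exceeds the threshold (assumed value).

    Scanning per window rather than per file catches a small high-entropy
    blob embedded in an otherwise low-entropy section.
    """
    return [off for off, bits in entropy_windows(data, window) if bits > threshold]


# Constructed sample buffers (not taken from any real binary).
LOW_ENTROPY = b"mov rax, rbx\n" * 40        # repetitive text-like bytes, 520 bytes
HIGH_ENTROPY = bytes(range(256)) * 2       # uniform byte distribution, exactly 8.0 bits
MIXED = LOW_ENTROPY + HIGH_ENTROPY         # low-entropy prefix, high-entropy tail


if __name__ == "__main__":
    for name, buf in (("low", LOW_ENTROPY), ("high", HIGH_ENTROPY), ("mixed", MIXED)):
        print(f"{name:5s} whole-buffer entropy = {shannon_entropy(buf):.3f} bits/byte, "
              f"flagged windows at {flag_high_entropy(buf)}")
```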

Registration

The webinar will be held over Microsoft Teams. Register now to secure your free spot and forward this invite to your contacts!
