Recon 2024

Antonio Villani

Dr. Antonio Villani is the Co-Founder of RETooling. He works full-time on the development of red-team and adversary emulation capabilities for his company. Previously he spent most of his time in the blue team, reversing high-level implants for top-tier customers and providing detailed information to support cyber-defense and cyber threat intelligence teams. Now he analyzes complex implants to gain a deep understanding of the TTPs used by threat actors and to provide high-quality reimplementations of them. As a researcher he has published in top-tier conferences and journals, and he has participated in European research projects in the field of cyber resilience and data security. During his PhD he worked in the field of malware research and digital forensics.


Sessions

06-29
11:00
90min
An unexpected journey into Microsoft Defender's signature World.
Silvio, Davide Fontana, Antonio Villani

This workshop explores adversary emulation activities, focusing on creating false flags that mimic real attacks. Using Microsoft Defender as a case study, we analyze signature formats in order to create samples that trigger specific detections. Participants will learn how to generate working samples that trigger specific detections, gaining insights into Windows Defender's signature mechanisms.

Full write up: https://retooling.io/blog

Prerequisites:
A Windows virtual machine, with the following material downloaded in advance:
https://github.com/t0-retooling/defender-recon24/

Workshop Software
Soprano B