Davide Fontana
Davide Fontana is a Master's degree student in Cybersecurity at the University of Sapienza in Rome, currently writing his final thesis, with a passion for reverse engineering and malware analysis. He holds a bachelor's degree in Information Technology from the University of L'Aquila, Italy.
Session
This workshop explores adversary emulation activities, focusing on creating false flags to mimic real attacks. Using Microsoft Defender as a case study, we analyze signature formats to create samples that trigger specific detections. Participants will learn how to generate working samples that trigger specific detections, gaining insight into Windows Defender's signature mechanisms.
Full write up: https://retooling.io/blog
Prerequisites:
A Windows virtual machine. Download the following material:
https://github.com/t0-retooling/defender-recon24/