Rendering Ransomware Detection and EDR Products Blind
Rene Kolga at BSidesSLC 2020
This talk will cover a Windows evasion technique called “RIPlace” that, when used to maliciously alter files, bypasses most existing ransomware protection technologiesI will review existing ransomware detection methods, the workflow of a typical ransomware and provide a live demo of RIPlace bypassing a number of anti-ransomware technologies.