Day 1

Turning Malware Against Itself for Proactive Defense

Theme: Core of Tech
Session complexity:
Time: 10:45 - 11:35

What if the key to stopping malware was hidden inside the malware itself? In this talk, we will explore the concept of malware vaccines—leveraging the techniques malware uses for self-preservation to turn the tables on attackers. By analyzing how malware checks its execution environment—whether through sandbox evasion, mutex creation, process enumeration, or infection markers—we can craft countermeasures that trick malware into aborting its execution before it ever deploys its payload.

We will demonstrate this approach using Rhadamanthys, RansomHub, and MintsLoader, showcasing real-world examples of how defenders can manipulate malware’s paranoia to create lightweight, proactive defenses. Attendees will walk away with a deeper understanding of how adversaries safeguard their malware and how we can weaponize those same artifacts to create pre-infection shields—effectively making systems immune before the malware even has a chance to strike.

Speakers in this session

Justin Grosfelt