Analyzing and Creating Windows Shellcode for Hackers
Event description
Level of Instruction: Intermediate
Instructed by: Bramwell Brizendine, Austin Norby, Logan Cannan
Abstract:
Get ready to leap into the wild world of Windows shellcode! This fast-paced workshop covers how to analyze and create shellcode using state-of-the-art tools. Intended for those with intermediate knowledge, the workshop reviews x86 assembly and teaches Windows internals and advanced shellcoding techniques. You’ll learn how to dissect shellcode with x32Dbg or WinDbg and how to use the SHAREM shellcode emulator for deep analysis and disassembly.
After analyzing several samples, we’ll build our own shellcode, starting simple and moving on to intermediate multi-API shellcode. You will learn how to encode your shellcode for evasion and how to incorporate Windows syscalls directly into your shellcode for extra stealth. Finally, we will cover converting DLLs to shellcode.
Expect to be made privy to a variety of shellcoding tips and tricks.
By the end, you’ll be able to:
• Quickly read and debug obfuscated shellcode;
• Implement GetPC techniques in shellcode;
• Chain WinAPIs to pass handles/pointers;
• Add direct Windows syscalls to shellcode for stealth;
• Convert DLLs to shellcode with sRDI.
Prep: Study x86 assembly and basic Windows debugging. We recommend a Windows VM with Windows Defender disabled, plus NASM, x32Dbg, WinDbg (classic), SHAREM, and ShellWasp.