teaching old shellcode new tricks
play

Teaching Old Shellcode New Tricks REcon Brussels 2017 - PowerPoint PPT Presentation

Nov 30, 2022 •301 likes •1.36k views

Teaching Old Shellcode New Tricks REcon Brussels 2017 @midnite_runr Cest Moi US Marine (out in 2001) Wrote BDF/BDFProxy Co-Authored Ebowla Found OnionDuke Work @ Okta Twitter: @midnite_runr Why This Talk Its

  1. System Binaries/DLLs with LLAGPA or GPA in IAT LLAGPA GPA XPSP3 1300 5426 VISTA 645 26855 WIN7 675 48383 WIN8 324 31158 WIN10 225 50522

  2. API-MS-WIN-CORE*

  3. API-MS-WIN-CORE* • These files are the exposed implementation of the windows API

  4. API-MS-WIN-CORE* • These files are the exposed implementation of the windows API • Existed since win7

  5. API-MS-WIN-CORE* • These files are the exposed implementation of the windows API • Existed since win7 • GPA is implemented via API-MS-WIN-CORE- LIBRARYLOADER-*.DLL

  6. API-MS-WIN-CORE* • These files are the exposed implementation of the windows API • Existed since win7 • GPA is implemented via API-MS-WIN-CORE- LIBRARYLOADER-*.DLL • Normally used in system dlls

  7. API-MS-WIN-CORE* • These files are the exposed implementation of the windows API • Existed since win7 • GPA is implemented via API-MS-WIN-CORE- LIBRARYLOADER-*.DLL • Normally used in system dlls • Can be called by userland applications via IAT parsing

  8. Because it is in…

  9. Because it is in… Kernel32.dll

  11. SAY AGAIN?

  12. SAY AGAIN? • We just need GPA in any DLL Import Table to access the entire windows API

  13. SAY AGAIN? • We just need GPA in any DLL Import Table to access the entire windows API • Since win7, GPA has been in Kernel32.dll Import Table

Recommend

TEACHING OLD COMPILERS NEW TRICKS TEACHING OLD COMPILERS NEW TRICKS Transpiling C ++ 17 to C ++ 11

TEACHING OLD COMPILERS NEW TRICKS TEACHING OLD COMPILERS NEW TRICKS Transpiling C ++ 17 to C ++ 11

TEACHING OLD COMPILERS NEW TRICKS TEACHING OLD COMPILERS NEW TRICKS Transpiling C ++ 17 to C ++ 11 Tony Wasserka Meeting C ++ @ fail _ cluez 17 November 2018 WHO AM I ? WHO AM I ? Berlin - based consultant : Workflow optimization , Code

973 views • 24 slides
The Agile PMP: Teaching an Old Dog New Tricks The Agile PMP: Teaching an Old Dog New Tricks

The Agile PMP: Teaching an Old Dog New Tricks The Agile PMP: Teaching an Old Dog New Tricks

W8 Concurrent Session Wednesday 11/12/2008 12:45 PM 2:15 PM The Agile PMP: Teaching an Old Dog New Tricks The Agile PMP: Teaching an Old Dog New Tricks Presented by: Mike Cottmeyer VersionOne Presented at: Agile Development Practices

646 views • 60 slides
Shellcode Shellcode A set of instructions injected and

Shellcode Shellcode A set of instructions injected and

Shellcode Shellcode A set of instructions injected and executed by exploited software Also called a payload Denoted as shellcode because

606 views • 49 slides
Teaching old type systems Teaching old type systems new tricks with type providers new tricks

Teaching old type systems Teaching old type systems new tricks with type providers new tricks

Teaching old type systems Teaching old type systems new tricks with type providers new tricks with type providers Tomas Petricek Tomas Petricek University of Kent and The Alan Turing Institute http://tomasp.net tomas@tomasp.net @tomaspetricek

839 views • 38 slides
Teaching Your Toaster New Tricks Or doing cool things with IoT About Me About me

Teaching Your Toaster New Tricks Or doing cool things with IoT About Me About me

Teaching Your Toaster New Tricks Or doing cool things with IoT About Me About me Student Researcher at Cal Poly Pomona Learn by doing! Focus on Internet of Things and Embedded Devices Participate in CCDC, CPTC, and CTF

725 views • 71 slides
Teaching an old dog new tricks How data visualisation & design can be used by everyone SAMRA

Teaching an old dog new tricks How data visualisation & design can be used by everyone SAMRA

Teaching an old dog new tricks How data visualisation & design can be used by everyone SAMRA 2013 Cara Morris & Sarah Wocknitz 1 What to expect Introduction Timeline Why Data Visualisation? Inspiration Study Toolbox Conclusion

678 views • 42 slides
sysbench 1.0: teaching an old dog new tricks Alexey Kopytov akopytov@gmail.com 1 The early days

sysbench 1.0: teaching an old dog new tricks Alexey Kopytov akopytov@gmail.com 1 The early days

sysbench 1.0: teaching an old dog new tricks Alexey Kopytov akopytov@gmail.com 1 The early days (2004) load generation tool started as an internal project in High Performance Group @ MySQL AB the very first version written by Peter Zaitsev

367 views • 33 slides
sysbench 1.0: teaching an old dog new tricks Alexey Kopytov akopytov@gmail.com 1 The early days

sysbench 1.0: teaching an old dog new tricks Alexey Kopytov akopytov@gmail.com 1 The early days

sysbench 1.0: teaching an old dog new tricks Alexey Kopytov akopytov@gmail.com 1 The early days (2004) started as an internal project in High Performance Group @ MySQL AB the very first version written by Peter Zaitsev I took over shortly

773 views • 34 slides
Libreswan Teaching old code new tricks! Libreswan is an IKE (Internet Key Exchange) daemon. Its

Libreswan Teaching old code new tricks! Libreswan is an IKE (Internet Key Exchange) daemon. Its

Libreswan Teaching old code new tricks! Libreswan is an IKE (Internet Key Exchange) daemon. Its origins can be traced back to the 90s. But what is IKE and why should it run on NetBSD? BSDCan 2020 Andrew Cagney freenode.net #swan cagney

681 views • 40 slides
CI/CD FOR THE ENTERPRISE: TEACHING AN OLD DOG NEW TRICKS Open Infrastructure Summit 2019 Patrick

CI/CD FOR THE ENTERPRISE: TEACHING AN OLD DOG NEW TRICKS Open Infrastructure Summit 2019 Patrick

CI/CD FOR THE ENTERPRISE: TEACHING AN OLD DOG NEW TRICKS Open Infrastructure Summit 2019 Patrick Easters Sr. Software Applications Engineer May 1, 2019 THE PIPE DREAM CONTINUOUS CONTINUOUS INTEGRATION DELIVERY AUTOMATICALLY BUILD TEST

520 views • 26 slides
Go to http://workshop.DidierStevens.com Unzip shellcode-workshop.zip to C:\ Password is workshop

Go to http://workshop.DidierStevens.com Unzip shellcode-workshop.zip to C:\ Password is workshop

White Hat Shellcode Workshop Didier Stevens Go to http://workshop.DidierStevens.com Unzip shellcode-workshop.zip to C:\ Password is workshop . First example: loading/unloading a DLL Start calc.exe Start procexp.exe (Process Explorer) and

471 views • 23 slides
Teaching an old DAG new tricks Migrating a decade old pipeline to Airflow Outline Cloud native

Teaching an old DAG new tricks Migrating a decade old pipeline to Airflow Outline Cloud native

Teaching an old DAG new tricks Migrating a decade old pipeline to Airflow Outline Cloud native deployment Cloud native deployment Multi-repo DAG management Manage Airflow Variables with code through Terraform Airflow monitoring

478 views • 30 slides
TRICKS AND TRAPS OF THE CO-OPS ACT TRICKS AND TRAPS OF THE CO-OPS ACT THE NAME TRAP a

TRICKS AND TRAPS OF THE CO-OPS ACT TRICKS AND TRAPS OF THE CO-OPS ACT THE NAME TRAP a

TRICKS AND TRAPS OF THE CO-OPS ACT TRICKS AND TRAPS OF THE CO-OPS ACT THE NAME TRAP a proposed name for a co-operative can be reserved for 90 days before incorporation if you dont incorporate within 90 days, you cannot reserve

604 views • 38 slides
Lec02: x86_64 / Shellcode / Tools Taesoo Kim 2 Scoreboard 3 Administrivia Survey: how

Lec02: x86_64 / Shellcode / Tools Taesoo Kim 2 Scoreboard 3 Administrivia Survey: how

1 Lec02: x86_64 / Shellcode / Tools Taesoo Kim 2 Scoreboard 3 Administrivia Survey: how many hours did you spend? (<3h, 6h, 10h, >20h) Join Piazza An optional recitation at 5-6pm on every Wed (in Klaus 1447) Lab02

794 views • 25 slides
ShellNoob Because writing shellcode is fun, but sometimes painful Black Hat USA Yanick

ShellNoob Because writing shellcode is fun, but sometimes painful Black Hat USA Yanick

ShellNoob Because writing shellcode is fun, but sometimes painful Black Hat USA Yanick Fratantonio Arsenal 2013 UC Santa Barbara Who am I? PhD Student at UC Santa Barbara I play with the ShellPhish team What I do I like

506 views • 31 slides
Network-level Polymorphic Shellcode Detection using Emulation Michalis Polychronakis, Kostas

Network-level Polymorphic Shellcode Detection using Emulation Michalis Polychronakis, Kostas

Network-level Polymorphic Shellcode Detection using Emulation Michalis Polychronakis, Kostas Anagnostakis, and Evangelos Markatos Institute of Computer Science Foundation for Research and Technology Hellas Crete, Greece DIMVA06 - 13

771 views • 54 slides
Lec02: x86_64 / Shellcode / Tools Taesoo Kim 2 Administrivia Survey: how many hours did

Lec02: x86_64 / Shellcode / Tools Taesoo Kim 2 Administrivia Survey: how many hours did

1 Lec02: x86_64 / Shellcode / Tools Taesoo Kim 2 Administrivia Survey: how many hours did you spend? (<3h, 6h, 10h, >20h) Please join Piazza An optional recitation at 5-7pm on every Wed (in CoC 052 ) Lab02 is already

394 views • 26 slides
Waiter, theres a compiler in my shellcode! Not so loud, or everybody will want one! Josh

Waiter, theres a compiler in my shellcode! Not so loud, or everybody will want one! Josh

Waiter, theres a compiler in my shellcode! Not so loud, or everybody will want one! Josh Stone NolaCon, 2019 Waiter by Adrien Coquet from the Noun Project Introduction: Josh Stone 30 years programmer 19 years infosec 15 years married

742 views • 49 slides
Outline Threat modeling, contd Shellcode techniques CSci 4271W Development of Secure

Outline Threat modeling, contd Shellcode techniques CSci 4271W Development of Secure

Outline Threat modeling, contd Shellcode techniques CSci 4271W Development of Secure Software Systems Binary-level GDB commands and demo Day 5: Memory safety attacks In-person lab logistics reminders Stephen McCamant Project 1 bcimgview

1.17k views • 6 slides
ss 4 Cl Class CSC 472/583 Software Security System Call, Shellcode Dr. Si Chen

ss 4 Cl Class CSC 472/583 Software Security System Call, Shellcode Dr. Si Chen

ss 4 Cl Class CSC 472/583 Software Security System Call, Shellcode Dr. Si Chen (schen@wcupa.edu) System Call Page 2 System Call User code can be arbitrary User code cannot modify kernel memory The call mechanism switches code to

840 views • 17 slides
Productivity tips & tricks Productivity tips & tricks for a developer for a developer

Productivity tips & tricks Productivity tips & tricks for a developer for a developer

Productivity tips & tricks Productivity tips & tricks for a developer for a developer Sebastian Witowski Sebastian Witowski 1 2 3 4 5 6 vs. vs. 7 8 dotles dotles .bashrc, .vimrc, .gitcong alias ..="cd

308 views • 15 slides
HSC FCO PRESENTS UNMJobs 2.0 Onboarding, Updates, Tips & Tricks, Q&A Session May 16,

HSC FCO PRESENTS UNMJobs 2.0 Onboarding, Updates, Tips & Tricks, Q&A Session May 16,

HSC FCO PRESENTS UNMJobs 2.0 Onboarding, Updates, Tips & Tricks, Q&A Session May 16, 2017 Agenda Onboarding Regular faculty TPTs System Updates New User Interface (update roll outs) Tips & Tricks

643 views • 14 slides
Carrots, Sticks and Other Smart Tricks Seth Blumsack Penn State University and Santa Fe

Carrots, Sticks and Other Smart Tricks Seth Blumsack Penn State University and Santa Fe

Carrots, Sticks and Other Smart Tricks Seth Blumsack Penn State University and Santa Fe Institute Other people whose tricks make me look smart: Paul Hines, Jason Clothiaux, Suman Gautam, Roger Mina Support from DOE and Green Mountain

353 views • 31 slides
Unpacking tips and tricks Protector Techniques Conclusion Samuel Chevet w4kfu@lse.epita.fr

Unpacking tips and tricks Protector Techniques Conclusion Samuel Chevet w4kfu@lse.epita.fr

Unpacking tips and tricks Samuel Chevet Presentation Process Unpacking tips and tricks Protector Techniques Conclusion Samuel Chevet w4kfu@lse.epita.fr http://www.lse.epita.fr 12 February 2013 Why this talk ? Unpacking tips and tricks

439 views • 26 slides

More recommend