Teaching An Old Shellcode New Tricks

Author(s): Josh Pitts
Category: Mitigation Bypass, Payload Development
Duration: 45
Summary: Metasploit Windows x86/x86_64 shellcodes have been defeated by EMET and other techniques not only in exploit deployment but also when these shellcodes are used in non-exploitation situations (e.g. binary executable shellcode wrappers, PowerShell deployment, and MS Office macros). This talk describes taking Metasploit payloads, removing Stephen Fewer's hash API stub, incorporating techniques to bypass Caller/EAF[+] checks (post ASLR/DEP bypass), and merging those techniques together with automation to make something that is harder to stop with bolt-on mitigations.

As someone really interested in shellcodes, I think we need an "update" on this subject.


Sounds like an awesome talk Josh, good luck!


Yet another great talk from Josh... Enjoyed this one... especially the bypass caller checks.


I haven't given this talk anywhere yet...


Excellent talk on bypassing current protections and at a minimum making metasploit detection more difficult for AV :) -- full disclosure Josh has not presented this anywhere but we have discussed it over coffee!


Already accepted for Recon Brussels: https://recon.cx/2017/brussels/ Why should it take the spot of another not-presented talk in this conference?


When I submitted to Infiltrate, REcon Brussels had not yet sent acceptance notices; in fact, I got it last week. I immediately let the Infiltrate conference handlers know. That being said, if accepted, there will be an update for Infiltrate.