Infiltrate Security Conference OPEN CFP

TALK PROFILE
This CFP is not yet open - Check back soon!

Teaching An Old Shellcode New Tricks

Mitigation Bypass, Payload Development
45

Metasploit Windows x86/x86_64 shellcodes have been defeated by EMET and other techniques not only in exploit deployment but through using these shellcodes in non-exploitation situations (e.g. binary executable shellcode wrappers, PowerShell deployment, and MS Office macros,). This talk describes taking Metasploit payloads, removing Stephen Fewer's hash API stub, incorporating techniques to bypass Caller/EAF[+] checks (post ASLR/DEP bypass) and merging those techniques together with automation to make something that is harder to stop with bolt on mitigations.

Back to Open CFP
Rated 7 - 32 reviewers

Comments

Vasile

As someone really interested in shellcodes, I think we need an "update" on this subject.

iwahn.tabier

Sounds like an awesome talk Josh, good luck!

heyman666

Yet another great talk from Josh...Enjoyed this one..especially the bypass caller checks.

jash

I haven't given this talk anywhere yet...

wired33

Excellent talk on bypassing current protections and at a minimum making metasploit detection more difficult for AV :) -- full disclosure Josh has not presented this anywhere but we have discussed it over coffee!

j4ck

Already accepted for Recon Brussels: https://recon.cx/2017/brussels/ Why should it take the spot of another not-presented talk in this confrence?

jash

When I submitted to Infiltrate, REcon Brussels had not yet sent acceptance notices, in fact, I got it last week. I immediately let Infiltrate conference handlers know. That being said, if accepted, there will be an update for Infiltrate.

Interested in Speaking?

We are pleased to announce the Call For Papers for INFILTRATE 2018 is now open. If you would like to present and have an offense-focused-fresh-content presentation, please submit an abstract, Bio and headshot to cfp@immunityinc.com. This information will be included on our Open CFP site, here, where the public can vote on which presentations they are most interested in seeing at INFILTRATE. Call for papers will close on December 14th, 2017. Shortly after this date, the winning speakers will be notified.

Some of the benefits of speaking at INFILTRATE are: