Metasploit Windows x86/x86_64 shellcodes have been defeated by EMET and other techniques, not only in exploit deployment but also when these shellcodes are used in non-exploitation situations (e.g. binary executable shellcode wrappers, PowerShell deployment, and MS Office macros). This talk describes taking Metasploit payloads, removing Stephen Fewer's hash API stub, incorporating techniques to bypass Caller/EAF[+] checks (post ASLR/DEP bypass), and merging those techniques together with automation to make something that is harder to stop with bolt-on mitigations.
As someone really interested in shellcodes, I think we need an "update" on this subject.
Sounds like an awesome talk Josh, good luck!
Yet another great talk from Josh... Enjoyed this one... especially the bypass caller checks.
I haven't given this talk anywhere yet...
Excellent talk on bypassing current protections and at a minimum making Metasploit detection more difficult for AV :) -- full disclosure: Josh has not presented this anywhere but we have discussed it over coffee!
Already accepted for Recon Brussels: https://recon.cx/2017/brussels/ Why should it take the spot of another not-presented talk in this conference?
When I submitted to Infiltrate, REcon Brussels had not yet sent acceptance notices, in fact, I got it last week. I immediately let Infiltrate conference handlers know. That being said, if accepted, there will be an update for Infiltrate.
We are pleased to announce the Call For Papers for INFILTRATE 2018 is now open. If you would like to present and have an offense-focused-fresh-content presentation, please submit an abstract, Bio and headshot to firstname.lastname@example.org. This information will be included on our Open CFP site, here, where the public can vote on which presentations they are most interested in seeing at INFILTRATE. Call for papers will close on December 14th, 2017. Shortly after this date, the winning speakers will be notified.
Some of the benefits of speaking at INFILTRATE are: