Teaching An Old Shellcode New Tricks

Author(s): Josh Pitts
Category: Mitigation Bypass, Payload Development
Duration: 45
Summary: Metasploit Windows x86/x86_64 shellcodes have been defeated by EMET and other techniques, not only in exploit deployment but also when these shellcodes are used in non-exploitation situations (e.g. binary executable shellcode wrappers, PowerShell deployment, and MS Office macros). This talk describes taking Metasploit payloads, removing Stephen Fewer's hash API stub, incorporating techniques to bypass Caller/EAF[+] checks (post ASLR/DEP bypass), and merging those techniques together with automation to make something that is harder to stop with bolt-on mitigations.

Likes: 1

Comments

Vasile

As someone really interested in shellcodes, I think we need an "update" on this subject.


iwahn.tabier

Sounds like an awesome talk Josh, good luck!


heyman666

Yet another great talk from Josh... Enjoyed this one, especially the caller-check bypass.


jash

I haven't given this talk anywhere yet...


wired33

Excellent talk on bypassing current protections and, at a minimum, making Metasploit detection more difficult for AV :) -- full disclosure: Josh has not presented this anywhere, but we have discussed it over coffee!


j4ck

Already accepted for Recon Brussels: https://recon.cx/2017/brussels/ Why should it take the spot of another not-presented talk in this conference?


jash

When I submitted to Infiltrate, REcon Brussels had not yet sent acceptance notices; in fact, I got it last week. I immediately let the Infiltrate conference handlers know. That being said, if accepted, there will be an update for Infiltrate.