teaching old shellcode new tricks
play

Teaching Old Shellcode New Tricks REcon Brussels 2017 - PowerPoint PPT Presentation

Nov 30, 2022 •301 likes •1.36k views

Teaching Old Shellcode New Tricks REcon Brussels 2017 @midnite_runr Cest Moi US Marine (out in 2001) Wrote BDF/BDFProxy Co-Authored Ebowla Found OnionDuke Work @ Okta Twitter: @midnite_runr Why This Talk Its

  1. System Binaries/DLLs with LLAGPA or GPA in IAT LLAGPA GPA XPSP3 1300 5426 VISTA 645 26855 WIN7 675 48383 WIN8 324 31158 WIN10 225 50522

  2. API-MS-WIN-CORE*

  3. API-MS-WIN-CORE* • These files are the exposed implementation of the windows API

  4. API-MS-WIN-CORE* • These files are the exposed implementation of the windows API • Existed since win7

  5. API-MS-WIN-CORE* • These files are the exposed implementation of the windows API • Existed since win7 • GPA is implemented via API-MS-WIN-CORE- LIBRARYLOADER-*.DLL

  6. API-MS-WIN-CORE* • These files are the exposed implementation of the windows API • Existed since win7 • GPA is implemented via API-MS-WIN-CORE- LIBRARYLOADER-*.DLL • Normally used in system dlls

  7. API-MS-WIN-CORE* • These files are the exposed implementation of the windows API • Existed since win7 • GPA is implemented via API-MS-WIN-CORE- LIBRARYLOADER-*.DLL • Normally used in system dlls • Can be called by userland applications via IAT parsing

  8. Because it is in…

  9. Because it is in… Kernel32.dll

  11. SAY AGAIN?

  12. SAY AGAIN? • We just need GPA in any DLL Import Table to access the entire windows API

  13. SAY AGAIN? • We just need GPA in any DLL Import Table to access the entire windows API • Since win7, GPA has been in Kernel32.dll Import Table

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

TEACHING OLD COMPILERS NEW TRICKS TEACHING OLD COMPILERS NEW TRICKS Transpiling C ++ 17 to C ++ 11

TEACHING OLD COMPILERS NEW TRICKS TEACHING OLD COMPILERS NEW TRICKS Transpiling C ++ 17 to C ++ 11

TEACHING OLD COMPILERS NEW TRICKS TEACHING OLD COMPILERS NEW TRICKS Transpiling C ++ 17 to C ++ 11 Tony Wasserka Meeting C ++ @ fail _ cluez 17 November 2018 WHO AM I ? WHO AM I ? Berlin - based consultant : Workflow optimization , Code

973 views • 24 slides
The Agile PMP: Teaching an Old Dog New Tricks The Agile PMP: Teaching an Old Dog New Tricks

The Agile PMP: Teaching an Old Dog New Tricks The Agile PMP: Teaching an Old Dog New Tricks

W8 Concurrent Session Wednesday 11/12/2008 12:45 PM 2:15 PM The Agile PMP: Teaching an Old Dog New Tricks The Agile PMP: Teaching an Old Dog New Tricks Presented by: Mike Cottmeyer VersionOne Presented at: Agile Development Practices

646 views • 60 slides
Shellcode Shellcode A set of instructions injected and

Shellcode Shellcode A set of instructions injected and

Shellcode Shellcode A set of instructions injected and executed by exploited software Also called a payload Denoted as shellcode because

606 views • 49 slides
Teaching old type systems Teaching old type systems new tricks with type providers new tricks

Teaching old type systems Teaching old type systems new tricks with type providers new tricks

Teaching old type systems Teaching old type systems new tricks with type providers new tricks with type providers Tomas Petricek Tomas Petricek University of Kent and The Alan Turing Institute http://tomasp.net tomas@tomasp.net @tomaspetricek

839 views • 38 slides
Teaching Your Toaster New Tricks Or doing cool things with IoT About Me About me

Teaching Your Toaster New Tricks Or doing cool things with IoT About Me About me

Teaching Your Toaster New Tricks Or doing cool things with IoT About Me About me Student Researcher at Cal Poly Pomona Learn by doing! Focus on Internet of Things and Embedded Devices Participate in CCDC, CPTC, and CTF

725 views • 71 slides
Teaching an old dog new tricks How data visualisation & design can be used by everyone SAMRA

Teaching an old dog new tricks How data visualisation & design can be used by everyone SAMRA

Teaching an old dog new tricks How data visualisation & design can be used by everyone SAMRA 2013 Cara Morris & Sarah Wocknitz 1 What to expect Introduction Timeline Why Data Visualisation? Inspiration Study Toolbox Conclusion

678 views • 42 slides
sysbench 1.0: teaching an old dog new tricks Alexey Kopytov akopytov@gmail.com 1 The early days

sysbench 1.0: teaching an old dog new tricks Alexey Kopytov akopytov@gmail.com 1 The early days

sysbench 1.0: teaching an old dog new tricks Alexey Kopytov akopytov@gmail.com 1 The early days (2004) load generation tool started as an internal project in High Performance Group @ MySQL AB the very first version written by Peter Zaitsev

367 views • 33 slides
sysbench 1.0: teaching an old dog new tricks Alexey Kopytov akopytov@gmail.com 1 The early days

sysbench 1.0: teaching an old dog new tricks Alexey Kopytov akopytov@gmail.com 1 The early days

sysbench 1.0: teaching an old dog new tricks Alexey Kopytov akopytov@gmail.com 1 The early days (2004) started as an internal project in High Performance Group @ MySQL AB the very first version written by Peter Zaitsev I took over shortly

773 views • 34 slides
Libreswan Teaching old code new tricks! Libreswan is an IKE (Internet Key Exchange) daemon. Its

Libreswan Teaching old code new tricks! Libreswan is an IKE (Internet Key Exchange) daemon. Its

Libreswan Teaching old code new tricks! Libreswan is an IKE (Internet Key Exchange) daemon. Its origins can be traced back to the 90s. But what is IKE and why should it run on NetBSD? BSDCan 2020 Andrew Cagney freenode.net #swan cagney

681 views • 40 slides
CI/CD FOR THE ENTERPRISE: TEACHING AN OLD DOG NEW TRICKS Open Infrastructure Summit 2019 Patrick

CI/CD FOR THE ENTERPRISE: TEACHING AN OLD DOG NEW TRICKS Open Infrastructure Summit 2019 Patrick

CI/CD FOR THE ENTERPRISE: TEACHING AN OLD DOG NEW TRICKS Open Infrastructure Summit 2019 Patrick Easters Sr. Software Applications Engineer May 1, 2019 THE PIPE DREAM CONTINUOUS CONTINUOUS INTEGRATION DELIVERY AUTOMATICALLY BUILD TEST

520 views • 26 slides
Go to http://workshop.DidierStevens.com Unzip shellcode-workshop.zip to C:\ Password is workshop

Go to http://workshop.DidierStevens.com Unzip shellcode-workshop.zip to C:\ Password is workshop

White Hat Shellcode Workshop Didier Stevens Go to http://workshop.DidierStevens.com Unzip shellcode-workshop.zip to C:\ Password is workshop . First example: loading/unloading a DLL Start calc.exe Start procexp.exe (Process Explorer) and

471 views • 23 slides
Teaching an old DAG new tricks Migrating a decade old pipeline to Airflow Outline Cloud native

Teaching an old DAG new tricks Migrating a decade old pipeline to Airflow Outline Cloud native

Teaching an old DAG new tricks Migrating a decade old pipeline to Airflow Outline Cloud native deployment Cloud native deployment Multi-repo DAG management Manage Airflow Variables with code through Terraform Airflow monitoring

478 views • 30 slides
TRICKS AND TRAPS OF THE CO-OPS ACT TRICKS AND TRAPS OF THE CO-OPS ACT THE NAME TRAP a

TRICKS AND TRAPS OF THE CO-OPS ACT TRICKS AND TRAPS OF THE CO-OPS ACT THE NAME TRAP a

TRICKS AND TRAPS OF THE CO-OPS ACT TRICKS AND TRAPS OF THE CO-OPS ACT THE NAME TRAP a proposed name for a co-operative can be reserved for 90 days before incorporation if you dont incorporate within 90 days, you cannot reserve

604 views • 38 slides
Lec02: x86_64 / Shellcode / Tools Taesoo Kim 2 Scoreboard 3 Administrivia Survey: how

Lec02: x86_64 / Shellcode / Tools Taesoo Kim 2 Scoreboard 3 Administrivia Survey: how

1 Lec02: x86_64 / Shellcode / Tools Taesoo Kim 2 Scoreboard 3 Administrivia Survey: how many hours did you spend? (<3h, 6h, 10h, >20h) Join Piazza An optional recitation at 5-6pm on every Wed (in Klaus 1447) Lab02

794 views • 25 slides
ShellNoob Because writing shellcode is fun, but sometimes painful Black Hat USA Yanick

ShellNoob Because writing shellcode is fun, but sometimes painful Black Hat USA Yanick

ShellNoob Because writing shellcode is fun, but sometimes painful Black Hat USA Yanick Fratantonio Arsenal 2013 UC Santa Barbara Who am I? PhD Student at UC Santa Barbara I play with the ShellPhish team What I do I like

506 views • 31 slides
Network-level Polymorphic Shellcode Detection using Emulation Michalis Polychronakis, Kostas

Network-level Polymorphic Shellcode Detection using Emulation Michalis Polychronakis, Kostas

Network-level Polymorphic Shellcode Detection using Emulation Michalis Polychronakis, Kostas Anagnostakis, and Evangelos Markatos Institute of Computer Science Foundation for Research and Technology Hellas Crete, Greece DIMVA06 - 13

771 views • 54 slides
Active Dividers Tilecal upgrade meeting at Valencia (19-21 November 2014) Franois Vazeille on

Active Dividers Tilecal upgrade meeting at Valencia (19-21 November 2014) Franois Vazeille on

Active Dividers Tilecal upgrade meeting at Valencia (19-21 November 2014) Franois Vazeille on behalf of Romo Bonnefoy, Michel Crouau (Now retired), Dominique Pallin, Christian Fayard, Marie-Lise Mercier, Eric Sahuc, Timothe

212 views • 9 slides
Warmup Find the voltage across and current through each resistor, using KVL, KCL and Ohm's law:

Warmup Find the voltage across and current through each resistor, using KVL, KCL and Ohm's law:

Time to mix it up: sit somewhere di ff erent today! Warmup Find the voltage across and current through each resistor, using KVL, KCL and Ohm's law: If you already know some shortcuts, don't use them just yet. 2k 42k R 1 R 3 12V R 2 12k

617 views • 22 slides
Staircases , dominoes and leaves : Bounds on gr(Av(1324)) David Bevan University of Strathclyde

Staircases , dominoes and leaves : Bounds on gr(Av(1324)) David Bevan University of Strathclyde

Staircases , dominoes and leaves : Bounds on gr(Av(1324)) David Bevan University of Strathclyde (Based on joint work with Robert Brignall , Andrew Elvey Price & Jay Pantone ) Permutation Patterns 2017 , Hsklinn Reykjavk, sland 29

562 views • 53 slides
MA111: Contemporary mathematics Jack Schmidt University of Kentucky November 7, 2012 Entrance

MA111: Contemporary mathematics Jack Schmidt University of Kentucky November 7, 2012 Entrance

. . MA111: Contemporary mathematics Jack Schmidt University of Kentucky November 7, 2012 Entrance Slip (due 5 min past the hour): 3 friends chip-in $12 each on a half-strawberry half-chocolate cake. One friend cuts the cake into three pieces.

368 views • 8 slides
= = > /! .

= = > /! .

239 views • 7 slides
Starting with CUDA Quote: With great power comes great responsibility. Summary How to install

Starting with CUDA Quote: With great power comes great responsibility. Summary How to install

Starting with CUDA Quote: With great power comes great responsibility. Summary How to install and setup CUDA in windows with Visual Studio 2010. Tutorial Overview Show you which files and how to configure Visual Studio to run CUDA simulations.

379 views • 5 slides
The .NET Profiling API OVERVIEW The .NET Profiler API is available since CLR/.NET Framework

The .NET Profiling API OVERVIEW The .NET Profiler API is available since CLR/.NET Framework

The .NET Profiling API OVERVIEW The .NET Profiler API is available since CLR/.NET Framework 1.0 A Profiler depends on the CLR and not on the .NET Framework Notable Features Assembly loading and unloading events

660 views • 14 slides
Managing Modular Software for your NuGet, C++ and Java Development Agenda Modular software

Managing Modular Software for your NuGet, C++ and Java Development Agenda Modular software

Managing Modular Software for your NuGet, C++ and Java Development Agenda Modular software why? Building modular software in Java in C++ in .NET Whos talking? @jbaruch 3 WTF IS MODULE? Module Modular

1.87k views • 158 slides

More recommend