Revisiting the Art of Encoder-Fu for novel shellcode obfuscation techniques
Information on this media
Creation date: July 7, 2021
Number of views: 37 (this month: 2)
Speakers: Harpreet Singh & Yashdeep Saini
License: CC BY-SA v4
Description
This talk is based around the process of building encoders for shellcode in this day and age, where we are surrounded by NextGen firewalls, IDS/IPS, EDR solutions, and continually released AV detection models (signature- and behavior-based detection techniques) incorporating Machine Learning artifacts. Despite the implementation of security controls, some of the forgotten methods of obfuscation work wonders to bypass the latest security mechanisms.
The idea is to develop an understanding of obscure assembly instructions and to be able to associate them with the common trends in place in automated tools. The talk focuses on building the ability to see current patterns and trends in evasion and detection methodologies, which also include advanced "one-way" shellcode and multi-stage payloads that can evade defenses.
The talk also includes a deep dive into the obfuscation of shellcode and executables as deliverables/payloads, focusing on techniques by category: basic encoding, morphing/partial morphing, cross-compilation, and polymorphism vs. encrypted and mutated encoders.
At the end of the talk, we will also cover the analysis of publicly available encoders from MSF that are used in common offensive tradecraft, showing how the fundamentals mentioned above make them relevant in modern attack scenarios.
Harpreet is the author of "Hands-On: Web Penetration Testing with Metasploit" and "Hands-On: Red Team Tactics", published by Packt Publishing, and has more than 8 years of experience in the field of Ethical Hacking, Penetration Testing, vulnerability research & Red Teaming. He is also a certified CRTP (Certified Red Team Professional), OSCP (Offensive Security Certified Professional) & OSWP (Offensive Security Wireless Professional). Over the years of his experience, Harpreet has acquired the offensive skill set as well as the defensive skill set. He is a professional who specializes in wireless & network exploitation, including but not limited to mobile exploitation and web application exploitation, and he has also performed a few Red Team engagements in banks & financial groups.
Yashdeep loves to play with system internals and low-level exploitation ideas, with a couple of years of experience in Appsec/Prodsec/Redteaming/VAPT.