Revisiting the Art of Encoder-Fu for novel shellcode obfuscation techniques
Information on this media
This talk covers the process of building encoders for shellcode in this day and age, where we are surrounded by NextGen firewalls, IDS/IPS, EDR solutions, and continually released AV detection models (signature- and behavior-based detection techniques) that incorporate Machine Learning artifacts. Despite these security controls, some forgotten methods of obfuscation still work wonders at bypassing the latest security mechanisms.
The idea is to develop an understanding of obscure assembly instructions and to be able to relate them to the common trends found in automated tools. The talk focuses on building the ability to see current patterns and trends in evasion and detection methodologies, including advanced "one-way" shellcode and multi-stage payloads that can evade defenses.
The talk also includes a deep dive into the obfuscation of shellcode and executables as deliverables/payloads, covering the techniques by category: basic encoding, morphing/partial morphing, cross-compilation, and polymorphism vs. encrypted and mutated encoders.
At the end of the talk, we will also cover an analysis of publicly available encoders from MSF that are used in common offensive tradecraft, showing how the fundamentals mentioned above make them relevant in modern attack scenarios.
Harpreet is the author of "Hands-On: Web Penetration Testing with Metasploit" and "Hands-On: Red Team Tactics", published by Packt Publishing, and has more than 8 years of experience in the field of ethical hacking, penetration testing, vulnerability research and red teaming. He is also a certified CRTP (Certified Red Team Professional), OSCP (Offensive Security Certified Professional) and OSWP (Offensive Security Wireless Professional). Over his years of experience, Harpreet has acquired both offensive and defensive skill sets. He specializes in wireless and network exploitation, including but not limited to mobile exploitation and web application exploitation, and he has also performed a few red team engagements in banks and financial groups.
Yashdeep loves to play with system internals and low-level exploitation ideas, with a couple of years of experience in Appsec/Prodsec/Redteaming/VAPT.