Teaching Old Shellcode New Tricks

Presented at DEF CON 25 (2017), July 28, 2017, 1 p.m. (45 minutes)

Metasploit x86 shellcode has been defeated by EMET and other techniques not only in exploit payloads but through using those payloads in non-exploit situations (e.g. binary payload generation, PowerShell deployment, etc..). This talk describes taking Metasploit payloads (minus Stephen Fewer's hash API), incorporating techniques to bypass Caller/EAF[+] checks (post ASLR/DEP bypass) and merging those techniques together with automation to make something better.

Presenters:

• Joshua Pitts - Hacker   as Josh Pitts
  Josh Pitts has over 15 years experience conducting physical and IT security assessments, IT security operations support, penetration testing, malware analysis, reverse engineering and forensics. Josh has worked in US Government contracting, commercial consulting, and silicon valley startups. He likes to write code that patches code with other code via The Backdoor Factory (BDF), has co-authored an open-source environmental keying framework (EBOWLA), and once served in the US Marines. @midnite_runr

Links:

• https://defcon.org/html/defcon-25/dc-25-speakers.html#Pitts
• https://infocon.org/cons/DEF CON/DEF CON 25/DEF CON 25 video and slides/DEF CON 25 - JoSh Pitts - Teaching Old Shellcode New Tricks.mp4
• https://infocon.org/cons/DEF CON/DEF CON 25/DEF CON 25 video and slides/DEF CON 25 - JoSh Pitts - Teaching Old Shellcode New Tricks.srt (subtitles)
• https://www.youtube.com/watch?v=jk1VAuPH4-w

Similar Presentations:

• 31C3 (2014) / EMET 5.1 - Armor or Curtain?
• REcon Brussels 2017 / Teaching Old Shellcode New Tricks
• DEF CON 17 (2009) / Macsploitation with Metasploit