POP POP RETN ; An Introduction to Writing Win32 Shellcode

Presented at DerbyCon 7.0 Legacy (2017), Sept. 23, 2017, 3 p.m. (50 minutes)

If you have ever worked with an exploit or Metasploit, you have probably used shellcode, but do you know how it is made? This talk has been designed to walk you through the ins and outs of basic shellcode, with a focus on Windows and the x86 architecture. There will be a review of the basic computer science behind shellcode, a look under the hood of msfvenom works and how you can recreate msfvenom's shellcode in Assembly, and then a walkthrough and a demo of how you can create a custom connectback stager using Assembly. Chris Maddalena is a Michigan-area security consultant who specializes in red teaming. Chris is involved with penetration testing, physical security, phishing, and on-site social engineering. He is also active in tool development, specifically in the areas of recon and phishing, and has released several publicly on GitHub. Chris is heavily involved with the Michigan security group, #misec, where he manages the "misecgroup" YouTube channel to make recordings of local presentations and workshops available to the community. @cmaddalena

Presenters:

• Christopher Maddalena

Links:

• https://www.derbycon.com/saturday-schedule/#event-102

Similar Presentations:

• DEF CON 31 (2023) / Game-Changing Advances in Windows Shellcode Analysis
• NorthSec 2017 / Introduction to Assembly Language and Shellcoding
• DerbyCon 7.0 Legacy (2017) / Shellcode Via VBScript/JScript Implications