Introduction to Assembly Language and Shellcoding

Presented at NorthSec 2017, Unknown date/time (Unknown duration)

WorkShop Duration: 2 Hours. The purpose of this workshop is to familiarize participants with assembly language. At the end of the workshop, participants will be able to understand shellcode and optimize it to avoid null bytes or blacklisted characters. The workshop will show basics of x86_64 assembly using Intel syntax. Workshop Summary: Tooling for Linux (nasm, ld) Hello World in assembly Walking through the code Live debugging to see the code in action in real-time Introduction to syscall How to use syscall Write a simple syscall to capture user input (exercise) Introduction to shellcoding What is shellcode How to run your shellcode and test it Using C wrapper Using assembly wrapper Introduction to shellcode optimization Avoiding null bytes jmp, call, pop technique Optimizing the Hello World example (exercise) Goal: remove null bytes Make it functional as a shellcode Final exercise: writing an exec shellcode (exercise) Write an exec shellcode that is null bytes free Extra miles: update the payload to avoid badchars Extra miles: obfuscate your final payload Writing a simple obfuscator in assembly Self-modifying code How to fool the disassembler (IDA, objdump)

Presenters:

  • Peter Heppenstall
    Peter Heppenstall is a student at the University of Maryland studying computer science with a specialization in computer security. He is the competition team lead for the university's cybersecurity club, where he trains students weekly in a wide range of applied security topics. Previously he has worked doing malware analysis and reverse engineering, and enjoys developing and researching modern obfuscation and anti-analysis techniques. He has written a number of intricate challenges for the RingZer0 Team online CTF, where he currently ranks 3rd worldwide.
  • Charles F. Hamilton
    Charles F. is a consultant working for Mandiant a FireEye company. He founded the RingZer0 Team online CTF website in 2014 where he hosts various hacking challenges. He's been a bypass and evasion techniques enthusiast for years now: antivirus, sandboxes and endpoint security software are his favorite targets. Pure assembly and low language, such a C are his best friends too.

Links:

Similar Presentations: