S2E12: Shellcode. DLLy DLLy!
State of the Hack
English - October 17, 2019 14:43 - 20 minutes - 13.8 MB - ★★★★★ - 28 ratingsTechnology News Tech News fireeye mandiant cybersecurity malware hacker Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Christopher Glyer and Nick Carr are back with an extremely offensive
episode with red teamers Evan Pena (@evan_pena2003) and Casey Erikson
(@EriksocSecurity). They get right into why they use shellcode (any
piece of self-contained executable code) and some of the latest
shellcode execution & injection techniques that are working
in-the-wild.
In previous episodes, the gang has discussed attackers - both
authorized and unauthorized - shift away from PowerShell and
scripting-based tooling to C# and shellcode due to improved
visibility, detection, and prevention provided by more logging, AMSI,
and endpoint security tooling. In this episode, they explore how
FireEye's Mandiant Red Team has responded to this pressure and the
techniques they've used to continue to operate.
Casey and Evan share their research around the benefits & drawbacks of
the three primary techniques for running shellcode and a project they
just released - DueDLLigence - to enable conversion of any shellcode
into flexible DLLs for sideloading or LOLbin'ing:
https://github.com/fireeye/DueDLLigence
If you want to learn more, check out their blog and #DailyToolDrop at:
https://www.fireeye.com/blog/threat-research/2019/10/staying-hidden-on
-the-endpoint-evading-detection-with-shellcode.html
Shellabrate good times come on!