WorkShop Duration: 2 Hours.
The purpose of this workshop is to familiarize participants with assembly language. At the end of the workshop, participants will be able to understand shellcode and optimize it to avoid null bytes or blacklisted characters.
The workshop will show basics of x86_64 assembly using Intel syntax.
- Tooling for Linux (nasm, ld)
- Hello World in assembly
- Walking through the code
- Live debugging to see the code in action in real-time
- Introduction to syscall
- How to use syscall
- Write a simple syscall to capture user input (exercise)
- Introduction to shellcoding
- What is shellcode
- How to run your shellcode and test it
- Using C wrapper
- Using assembly wrapper
- Introduction to shellcode optimization
- Avoiding null bytes
- jmp, call, pop technique
- Optimizing the Hello World example (exercise)
- Goal: remove null bytes
- Make it functional as a shellcode
- Final exercise: writing an exec shellcode (exercise)
- Write an exec shellcode that is null bytes free
- Extra miles: update the payload to avoid badchars
- Extra miles: obfuscate your final payload
- Writing a simple obfuscator in assembly
- Self-modifying code
- How to fool the disassembler (IDA, objdump)
Charles F. Hamilton
Charles F. is a consultant working for Mandiant a FireEye company. He founded the RingZer0 Team online CTF website in 2014 where he hosts various hacking challenges. He’s been a bypass and evasion techniques enthusiast for years now: antivirus, sandboxes and endpoint security software are his favorite targets. Pure assembly and low language, such a C are his best friends too.
Peter Heppenstall is a student at the University of Maryland studying computer science with a specialization in computer security. He is the competition team lead for the university’s cybersecurity club, where he trains students weekly in a wide range of applied security topics. Previously he has worked doing malware analysis and reverse engineering, and enjoys developing and researching modern obfuscation and anti-analysis techniques. He has written a number of intricate challenges for the RingZer0 Team online CTF, where he currently ranks 3rd worldwide.