Learn, hack!

Hacking and security documentation: slides, papers, video and audio recordings. All high quality, updated daily, with low-value documents filtered out. Spreading hacking knowledge, for free. Enjoy.

Ghost in the Shell(code)

Type: Slides
Tags: shellcode
Authors: Matthew de Carteret
Event: Ruxcon 2010
Indexed on: Mar 26, 2013
URL: http://www.ruxcon.org.au/assets/Presentations/matthew-de-carteret.ghost-in-the-shellcode.2010.pdf
File name: matthew-de-carteret.ghost-in-the-shellcode.2010.pdf
File size: 823.3 KB
MD5: 8feeba2fe8d5aa3eaa5c3c80a8078a3d
SHA1: f7a61ad78a98047c456a0e4aaf12cb5003e21679

Shellcode is the crux of any exploit being run today. It dictates what the exploit aims to gain from its use — without shellcode the exploit does nothing. Understanding what shellcode does can be a major step in the incident handling process. Shellcode can do anything you can imagine code could do. Not every shellcode used in an exploit downloads malware or spawns a shell. Times have changed and the targets have updated their protection. Shellcode today could be a straightforward API call to download a file and execute it, or it could be code that simply disables or creates a firewall rule on your Windows server. Catching an exploit is a great step in understanding the purpose of an attack. Extracting and reviewing the shellcode will allow you to streamline your incident handlers' work: collect the malware it delivers and focus their reviews on the particular services or applications it targets. This talk will demonstrate methods, applied to captured exploits, for extracting shellcode and understanding its purpose.

About us

Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
