DEF CON 31 - Game Changing Advances in Windows Shellcode Analysis - Brizendine, Kersten, Hince
Shellcode is omnipresent, seen or unseen. Yet tooling to analyze shellcode is lacking. We present the cutting-edge SHAREM framework to analyze enigmatic shellcode.
SHAREM can emulate shellcode, identifying 20,000 WinAPI functions and 99% of Windows syscalls. In some shellcode, some APIs may never be reached because the emulated environment is not the one the shellcode expects, but SHAREM has a new solution: complete code coverage preserves the CPU register context and memory at each change in control flow. Once the shellcode ends, it restarts, restoring memory and context, so that all functionality is reached and all APIs are identified.
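The snapshot-and-restart idea above, as an added illustration that is not SHAREM's own code: a toy register machine (constructed instruction set, not x86) runs a constructed "shellcode" whose API calls sit behind environment checks. A single emulation from a sandbox-like environment reaches one API; saving the register and memory context at every conditional branch and, after the code returns, restoring each saved context with the untaken side forced reaches all of them. The environment values, addresses and API names are made up for the example.

```python
"""Toy snapshot-and-restart coverage for shellcode emulation (added example,
not SHAREM code). Instruction set, program and environment are constructed."""
from copy import deepcopy

# Constructed instruction set:
#   ("load", reg, addr)  reg = mem[addr]      ("cmp", reg, imm)  flag = reg == imm
#   ("je", target)       jump if flag         ("jmp", target)    unconditional jump
#   ("call", api_name)   record an API call   ("ret",)           shellcode ends
SHELLCODE = [
    ("load", "eax", 0x10),       # 0: "OS major version" read from the environment
    ("cmp", "eax", 10),          # 1
    ("je", 5),                   # 2: modern OS -> LdrLoadDll path
    ("call", "LoadLibraryA"),    # 3: legacy path
    ("jmp", 6),                  # 4
    ("call", "LdrLoadDll"),      # 5
    ("load", "ebx", 0x14),       # 6: "sandbox marker" read from the environment
    ("cmp", "ebx", 1),           # 7
    ("je", 11),                  # 8: marker set -> bail out before the payload
    ("call", "VirtualAlloc"),    # 9: payload
    ("call", "WinExec"),         # 10
    ("ret",),                    # 11
]

# Constructed environment: old OS version and a sandbox marker, so a single
# run takes the legacy branch and never reaches the payload.
ENV = {0x10: 6, 0x14: 1}


def fresh_state(env_mem):
    return {"regs": {"eax": 0, "ebx": 0}, "mem": dict(env_mem),
            "flag": False, "pc": 0, "apis": []}


def run(program, state, snapshots=None, explored=None, force=None, max_steps=256):
    """Emulate until ret. With `snapshots`/`explored` given, every conditional
    branch saves a copy of the full context for its untaken side (once per
    site and outcome). `force=(pc, taken)` overrides the flag at that pc once,
    which is how a restored snapshot is steered down the other side."""
    for _ in range(max_steps):
        ins = program[state["pc"]]
        op = ins[0]
        if op == "ret":
            return state
        if op == "load":
            state["regs"][ins[1]] = state["mem"].get(ins[2], 0)
        elif op == "cmp":
            state["flag"] = state["regs"][ins[1]] == ins[2]
        elif op == "call":
            state["apis"].append((state["pc"], ins[1]))
        elif op == "jmp":
            state["pc"] = ins[1]
            continue
        elif op == "je":
            taken = state["flag"]
            if force and force[0] == state["pc"]:
                taken, force = force[1], None
            if snapshots is not None:
                alt = (state["pc"], not taken)
                if alt not in explored:          # queue the other side once
                    explored.add(alt)
                    snapshots.append((deepcopy(state), alt))
                explored.add((state["pc"], taken))
            state["pc"] = ins[1] if taken else state["pc"] + 1
            continue
        state["pc"] += 1
    raise RuntimeError("step limit reached")


def single_run_apis(program, env_mem):
    """What a naive single-path emulation sees in this environment."""
    return sorted({name for _, name in run(program, fresh_state(env_mem))["apis"]})


def cover(program, env_mem):
    """Run once, then restore each saved branch context and force the
    unexplored side until no snapshot remains. Returns (apis, restarts)."""
    snapshots, explored = [], set()
    finals = [run(program, fresh_state(env_mem), snapshots, explored)]
    restarts = 0
    while snapshots:
        saved, (pc, taken) = snapshots.pop()   # restore memory + registers
        restarts += 1
        finals.append(run(program, saved, snapshots, explored, force=(pc, taken)))
    apis = sorted({name for st in finals for _, name in st["apis"]})
    return apis, restarts


if __name__ == "__main__":
    print("single run:", single_run_apis(SHELLCODE, ENV))
    print("with coverage:", cover(SHELLCODE, ENV))
```

The toy explores each branch site once per outcome, which is enough to show why restoring context matters: the restart that forces the sandbox check open still carries the registers and memory from the legacy path, so the payload APIs are reached without ever guessing the right environment. A real emulator-based tool must also bound loops and handle self-modifying (decoded) bytes, which this illustration does not attempt.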
Encoded shellcode may be puzzling at times. SHAREM is a game-changer, as it presents emulated shellcode in its decoded form in a disassembler.
IDA Pro and Ghidra can produce disassembly of shellcode that is of poor quality. However, SHAREM uniquely can ingest emulation data, resulting in virtually flawless disassembly. While SHAREM has its own custom disassembler, we are also releasing a Ghidra p