Conference: DEF CON 31

With our workshop "Indirect Syscalls: A Journey from High to Low" we had the opportunity to actively participate in the Red Team Village at DEF CON 31 in Vegas. We would like to thank the whole Red Team Village team, DEF CON and all other villages and sponsors for the organisation and this great opportunity.

Indirect Syscalls: A Journey from High to Low

The workshop is called "Indirect Syscalls: A Journey from High to Low. It encapsulates the essence of what you will experience in this workshop. Get ready for a hands-on workshop where we'll navigate through the ins and outs of Win32 APIs, Native APIs, direct syscalls and indirect syscalls.

We'll build our knowledge base together, starting with some necessary basics about Windows Internals and then step by step building an indirect syscall shellcode loader.

Workshop Materials

All the materials needed for this workshop will be released on the day of the event, 12th August (US time). These resources will be hosted on a dedicated GitHub repository, ensuring easy access for all participants. The link to this repository will be released on the day of the workshop.

Generell requirements

This workshop is designed for individuals who are interested into the following areas:

  • Windows Internals
  • Malware development
  • Malware analysis

It is not required, but helpful for the workshop participant to have a basic understanding of the following areas:

  • C/C++ and assembly language
  • Visual Studio
  • x64dbg

Technical requirements

Please prepare the following LAB setup:

  • VMware Workstation or VirtualBox

  • VM 2: Kali Linux
    • Metasploit to create shellcode and an MSF-Listener

  • Put VM1 and VM2 on the same subnet

By ensuring that you meet these requirements, you'll be well equipped to participate fully in the workshop. We look forward to sharing this learning experience with all of you.

See you in Vegas!

Last updated 01.04.24 08:17:31 01.04.24
Daniel Feichter