Workshop: DEF CON 31

DEF CON 31 Workshop

I'm absolutely thrilled to announce that my workshop proposal has been accepted for the Red Team Village at DEF CON 31 in Las Vegas. This is an exciting opportunity to delve deep into the world of system calls and I'm eager to share my knowledge with all of you.

Workshop Details

The workshop will be titled "(In)direct Syscalls: A Journey from High to Low". This title encapsulates the essence of what you'll be experiencing in the workshop. Prepare for a hands-on exploration where we'll be navigating through the ins and outs of Win32 APIs, Native APIs, direct syscalls, and indirect syscalls.

We'll collectively build our knowledge base, starting from the fundamentals and advancing towards the complex intricacies of these systems. A significant part of our expedition will involve the creation of our very own indirect syscall shelldropper. We'll begin by constructing a Win32 API shellcode dropper using Visual Studio and analyzing it using x64dbg. By the end of our journey, you'll have developed, completed, and fully comprehended your own indirect syscall dropper.

Workshop Materials

All the materials needed for this workshop will be released on the day of the event, 12th August (US time). These resources will be hosted on a dedicated GitHub repository, ensuring easy access for all participants. The link to this repository will be released on the day of the workshop.

Generell requirements

This workshop is designed for individuals who are interested into the following areas:

• Windows Internals
• Malware development
• Malware analysis

It is not required, but helpful for the workshop participant to have a basic understanding of the following areas:

• C/C++ and assembly language
• Visual Studio 
• x64dbg 

Technical requirements

Please prepare the following LAB setup:

• VMware Workstation or VirtualBox
  
  

• VM 1: Windows 10 Pro x64 DEV/LAB machine
  • AV/EPP/EDR disabled
  • Visual Studio Community 2019 or Visual Studio Community 2020
    • Desktop development with C++
    • Universal Windows Platform development 
  • x64dbg
  • WinDbg Preview
  • Process Hacker
  • Process Monitor
    
    

• VM 2: Kali Linux
  • Metasploit to create shellcode and an MSF-Listener
    
    

• Put VM1 and VM2 on the same subnet

By ensuring you meet these prerequisites, you'll be well-equipped to participate fully in the workshop. I'm eagerly looking forward to sharing this learning experience with you all. 

See you soon in Las Vegas!