
Workshop: DEF CON 31


DEF CON 31 Workshop


I'm absolutely thrilled to announce that my workshop proposal has been accepted for the Red Team Village at DEF CON 31 in Las Vegas. This is an exciting opportunity to delve deep into the world of system calls and I'm eager to share my knowledge with all of you.


Workshop Details


The workshop will be titled "(In)direct Syscalls: A Journey from High to Low". This title encapsulates the essence of what you'll be experiencing in the workshop. Prepare for a hands-on exploration where we'll be navigating through the ins and outs of Win32 APIs, Native APIs, direct syscalls, and indirect syscalls.

We'll collectively build our knowledge base, starting from the fundamentals and advancing towards the complex intricacies of these systems. A significant part of our expedition will involve the creation of our very own indirect syscall shelldropper. We'll begin by constructing a Win32 API shellcode dropper using Visual Studio and analyzing it using x64dbg. By the end of our journey, you'll have developed, completed, and fully comprehended your own indirect syscall dropper.


Workshop Materials


All the materials needed for this workshop will be released on the day of the event, 12th August (US time). These resources will be hosted on a dedicated GitHub repository, ensuring easy access for all participants. The link to this repository will be released on the day of the workshop.


General requirements


This workshop is designed for individuals who are interested in the following areas:

  • Windows Internals
  • Malware development
  • Malware analysis


It is not required, but helpful, for workshop participants to have a basic understanding of the following areas:

  • C/C++ and assembly language
  • Visual Studio 
  • x64dbg 


Technical requirements


Please prepare the following LAB setup:

  • VMware Workstation or VirtualBox

  • VM 2: Kali Linux
    • Metasploit to create shellcode and an MSF-Listener

  • Put VM1 and VM2 on the same subnet


By ensuring you meet these prerequisites, you'll be well-equipped to participate fully in the workshop. I'm eagerly looking forward to sharing this learning experience with you all. 

See you soon in Las Vegas!

Last updated 05.09.23 07:06:29
Daniel Feichter