Indirect Syscalls: A Journey from High to Low
The workshop is called "Indirect Syscalls: A Journey from High to Low". The title encapsulates the essence of what you will experience in this workshop. Get ready for a hands-on workshop where we'll navigate through the ins and outs of Win32 APIs, Native APIs, direct syscalls and indirect syscalls.
We'll build our knowledge base together, starting with some necessary basics about Windows Internals and then step by step building an indirect syscall shellcode loader.
Workshop Materials
All the materials needed for this workshop will be released on the day of the event, 12th August (US time). These resources will be hosted on a dedicated GitHub repository, ensuring easy access for all participants. The link to this repository will be released on the day of the workshop.
General requirements
This workshop is designed for individuals who are interested in the following areas:
- Windows Internals
- Malware development
- Malware analysis
It is not required, but it is helpful for workshop participants to have a basic understanding of the following areas:
- C/C++ and assembly language
- Visual Studio
- x64dbg
Technical requirements
Please prepare the following LAB setup:
- VMware Workstation or VirtualBox
- VM 1: Windows 10 Pro x64 DEV/LAB machine
  - AV/EPP/EDR disabled
  - Visual Studio Community 2019 or Visual Studio Community 2020
    - Desktop development with C++
    - Universal Windows Platform development
  - x64dbg
  - WinDbg Preview
  - Process Hacker
  - Process Monitor
- VM 2: Kali Linux
  - Metasploit to create shellcode and an MSF-Listener
- Put VM1 and VM2 on the same subnet
By ensuring that you meet these requirements, you'll be well-equipped to participate fully in the workshop. We look forward to sharing this learning experience with all of you.
See you in Vegas!