
London in the Summer 2015

London, United Kingdom | Mon, Jul 13 - Sat, Jul 18, 2015
This event is over, but there are more training opportunities.

Examining Shellcode in a Debugger through Control of the Instruction Pointer

  • Adam Kramer
  • Wednesday, July 15th, 6:00pm - 7:00pm

Whether responding to an incident or examining an exploit, you might come across malicious files that include shellcode. Knowing how to analyze shellcode in such scenarios is critical to your understanding of the adversary's intentions and capabilities.

One practical approach to learning about the capabilities of shellcode involves executing it in a controlled manner to see what it would do on the victim's system. However, setting up the environment to let the exploit and its payload showcase their capabilities can be tricky: it involves finding the correct version of the vulnerable software and reproducing the exact configuration required to trigger the exploit. Fortunately, there are several free tools and approaches that can address these challenges in a practical manner.

In this session, SANS FOR610 instructor Adam Kramer will demonstrate how you can understand the nature of the discovered shellcode by executing it in a laboratory system without installing software or needing to make any modifications to your analysis environment. You'll get a better sense of how shellcode works and how you can examine its capabilities to sharpen your incident response and forensics skills.

Expect plenty of live demos, and active Metasploit sessions!


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.

Monday, July 13
Session | Speaker | Time | Type
Modern Exploitation: How Hackers Hack With Live Demonstrations & Reversing | James Lyne | Monday, July 13th, 6:30pm - 7:30pm | SANS@Night

Tuesday, July 14
Session | Speaker | Time | Type
Using an Open Source Threat Model for Prioritized Defense | James Tarala | Tuesday, July 14th, 6:00pm - 7:00pm | SANS@Night
Tips for managing IR teams and Execs (in the middle of your incident)! | Steve Armstrong | Tuesday, July 14th, 7:00pm - 8:00pm | SANS@Night

Wednesday, July 15
Session | Speaker | Time | Type
Examining Shellcode in a Debugger through Control of the Instruction Pointer | Adam Kramer | Wednesday, July 15th, 6:00pm - 7:00pm | SANS@Night
Three Modern Mobile Threats: The Good, the Bad and the Ugly | Raul Siles | Wednesday, July 15th, 7:00pm - 8:00pm | SANS@Night