Examining Shellcode in a Debugger through Control of the Instruction Pointer
- Adam Kramer
- Wednesday, July 15th, 6:00pm - 7:00pm
Whether responding to an incident or examining an exploit, you might come across malicious files that include shellcode. Knowing how to analyze shellcode in such scenarios is critical to your understanding of the adversary's intentions and capabilities.
One practical approach to learning about the capabilities of shellcode involves executing it in a controlled manner to see what it would do on the victim's system. However, setting up the environment to let the exploit and its payload showcase their capabilities can be tricky: it involves finding the correct version of the vulnerable software and reproducing the exact configuration required to trigger the exploit. Fortunately, there are several free tools and approaches that can address these challenges in a practical manner.
In this session, SANS FOR610 instructor Adam Kramer will demonstrate how you can understand the nature of the discovered shellcode by executing it in a laboratory system without installing software or needing to make any modifications to your analysis environment. You'll get a better sense of how shellcode works and how you can examine its capabilities to sharpen your incident response and forensics skills.
Expect plenty of live demos, and active Metasploit sessions!
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
| Session | Speaker | Time | Category |
|---|---|---|---|
| Modern Exploitation: How Hackers Hack With Live Demonstrations & Reversing | James Lyne | Monday, July 13th, 6:30pm - 7:30pm | SANS@Night |
| Using an Open Source Threat Model for Prioritized Defense | James Tarala | Tuesday, July 14th, 6:00pm - 7:00pm | SANS@Night |
| Tips for managing IR teams and Execs (in the middle of your incident)! | Steve Armstrong | Tuesday, July 14th, 7:00pm - 8:00pm | SANS@Night |
| Examining Shellcode in a Debugger through Control of the Instruction Pointer | Adam Kramer | Wednesday, July 15th, 6:00pm - 7:00pm | SANS@Night |
| Three Modern Mobile Threats: The Good, the Bad and the Ugly | Raul Siles | Wednesday, July 15th, 7:00pm - 8:00pm | SANS@Night |