Following up on the presentations from last year and this year about shellcode techniques and analysis, this workshop will give the audience hands-on experience in analyzing shellcodes.
This particular component of multi-staged attacks is more difficult to analyse than traditional Win32 binaries as traditional techniques do not apply there. However, this doesn’t mean that a threat analyst is out of options.
Practical examples will be shown, on which the audience can try both static and dynamic analysis techniques to understand how shellcodes work. Different types of shellcodes (connect-back shells, downloaders, droppers) will be provided for the analysis.
Prior to the workshop it is advised to listen to the accompanying presentation, and possibly last year’s presentation (https://hacktivity.com/hu/archives/videostream/287/en/). Participants should bring their laptops, if possible with a virtual environment (VirtualBox, VMware) preinstalled and a Windows analysis image.