Technology
Christopher Glyer and Nick Carr are back with an extremely offensive episode with red teamers Evan Pena (@evan_pena2003) and Casey Erikson (@EriksocSecurity). They get right into why they use shellcode (any piece of self-contained executable code) and some of the latest shellcode execution & injection techniques that are working in the wild.

In previous episodes, the gang has discussed how attackers, both authorized and unauthorized, have shifted away from PowerShell and scripting-based tooling to C# and shellcode due to the improved visibility, detection, and prevention provided by more logging, AMSI, and endpoint security tooling. In this episode, they explore how FireEye's Mandiant Red Team has responded to this pressure and the techniques they've used to continue to operate.

Casey and Evan share their research around the benefits & drawbacks of the three primary techniques for running shellcode, and a project they just released, DueDLLigence, to enable conversion of any shellcode into flexible DLLs for sideloading or LOLbin'ing: https://github.com/fireeye/DueDLLigence

If you want to learn more, check out their blog and #DailyToolDrop at: https://www.fireeye.com/blog/threat-research/2019/10/staying-hidden-on-the-endpoint-evading-detection-with-shellcode.html

Shellabrate good times come on!