Workshop 03 - Implementing One-Way Shellcoding in Windows x64 Systems

Abstract

The workshop will primarily focus on Windows x64 bit exploit development for socket rebinding. In scenarios where a Vulnerable Server is behind a Firewall with firewall rules configured such that all the inbound/outbound connections are blocked, except the port used by the vulnerable service. It is not possible to use MSFvenom reverse/bind shell payloads to obtain a shell by exploiting the vulnerable service running on the machine behind a firewall.

The goal of the workshop is to provide training in constructing a shellcode to bypass the firewall restriction using Windows API’s and obtain a shell from the Vulnerable Server by exploiting the vulnerable service and obtaining the shell on the same port as that of the vulnerable service.


When: 09:00 AM, 18 September, 2021

The workshop is free to register, however we can only accommodate 15 participants first come first serve basis.


Speakers Information


Arnold Anthony

Arnold Anthony is currently working as manager and has 7+ years of experience in information security. He is a security enthusiast who believes in sharing knowledge. He enjoys reverse engineering, pentesting, incident response, red/blue teaming, and scripting. In his free time, he does bug bounties and currently ranks amongst the top 300 researchers at Bugcrowd. He also holds the OSCP, OSCE, OSEE, OSWP, OSWE, CRTE, PACES certifications.


Sristi Lakshmi Sravana Kumar

Sristi Lakshmi Sravana Kumar is a Security Analyst and has 5+ years of experience in the field of Cybersecurity. He holds a Master of Science degree in Electrical Engineering from the National University of Singapore (NUS) as well as holding CREST-CRT, OSCP, OSCE, and CRTE certifications. He is interested in offensive security topics like reverse engineering, exploit development, and malware analysis. He has co-authored several research papers on the topics of Embedded Device Security and Cybersecurity published in several international conferences and journals.





View Full Schedule

Subscribe to Our Mailing List

Join our community mailing list for updated on conference annoucements, important dates and discussions.