Hadrien Barral - Emoji Shellcoding: 🛠️, 🧌, and 🤯
Hadrien Barral, Hacker, He/Him
Georges-Axel Jaloyan, Hacker, He/Him
Presentation Title: Emoji Shellcoding: 🛠️, 🧌, and 🤯
Length of presentation: 45 minutes
Demo, Tool
Shellcodes are short executable stubs that are used in various attack scenarios, whenever code execution is possible. After quickly recalling what a shellcode is and why designing shellcodes under constraints is an art, we'll study a new constraint for which (to the best of our knowledge) no such shellcode was previously known: emoji shellcoding. We'll tackle this problem by introducing a new and more generic approach to shellcoding under constraints. Brace yourselves, you'll see some black magic weaponizing these cute little emojis 🥰 into merciless exploits 👿.
SPEAKER BIO(S):
Hadrien Barral is an R&D engineer and security expert, focusing on intrusion and high-assurance software. He enjoys hacking on exotic hardware.
Georges-Axel Jaloyan is an R&D engineer, focusing on formal methods applied to cybersecurity. He enjoys reverse-engineering and formalizing anything he comes by, always for fun and sometimes for profit.