Announcement

Collapse
No announcement yet.

Hadrien Barral - Emoji Shellcoding: 🛠️, 🧌, and 🤯

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Hadrien Barral - Emoji Shellcoding: 🛠️, 🧌, and 🤯

    Hadrien Barral - Emoji Shellcoding: 🛠️, 🧌, and 🤯


    Hadrien Barral, Hacker, He/Him
    Georges-Axel Jaloyan, Hacker, He/Him

    Presentation Title: Emoji Shellcoding: 🛠️, 🧌, and 🤯
    Length of presentation: 45 minutes
    Demo, Tool


    Shellcodes are short executable stubs that are used in various attack scenarios, whenever code execution is possible. After quickly recalling what a shellcode is and why designing shellcodes under constraints is an art, we'll study a new constraint for which (to the best of our knowledge) no such shellcode was previously known: emoji shellcoding. We'll tackle this problem by introducing a new and more generic approach to shellcoding under constraints. Brace yourselves, you'll see some black magic weaponizing these cute little emojis 🥰 into merciless exploits 👿.

    SPEAKER BIO(S):
    Hadrien Barral is an R&D engineer and security expert, focusing on intrusion and high-assurance software. He enjoys hacking on exotic hardware.

    Georges-Axel Jaloyan is an R&D engineer, focusing on formal methods applied to cybersecurity. He enjoys reverse-engineering and formalizing anything he comes by, always for fun and sometimes for profit.

    REFERENCES:

    * RIX. “Writing IA32 alphanumeric shellcodes”. In: Phrack 57 (2001). url: http://phrack.org/issues/57/15.html
    * Joshua Mason, Sam Small, Fabian Monrose, and Greg Mac-Manus. “English Shellcode”. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, 2009. url: https://web.cs.jhu.edu/~sam/ccs243-mason.pdf
    * Hadrien Barral, Houda Ferradi, Rémi Géraud, Georges-Axel Jaloyan, and David Naccache. “ARMv8 Shellcodes from ‘A’ to ‘Z’”. In: Proceedings of the 12th International Conference on Information Security Practice and Experience, 2016. url: https://link.springer.com/chapter/10...319-49151-6_25
    * Yves Younan and Pieter Philippaerts. “Alphanumeric RISC ARM Shellcode”. In: Phrack 66 (2009). url: http://phrack.org/issues/66/12.html.
    * Hadrien Barral, Rémi Géraud-Stewart, Georges-Axel Jaloyan, and David Naccache. “RISC-V: #AlphanumericShellcoding”. In: Proceedings of the 13th USENIX Workshop on Offensive Technologies, 2019. url: https://www.usenix.org/system/files/...per_barral.pdf
    * Hadrien Barral, Rémi Géraud, Georges-Axel Jaloyan, and David Naccache. The ABC of Next-Gen Shellcoding. DEFCON27. 2019. url: https://www.youtube.com/watch?v=qHj1kquKNk0
    * Hovav Shacham. “The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)”. In: Proceedings of the 14th ACM Conference on Computer
    and Communications Security, 2007. url: https://hovav.net/ucsd/dist/geometry.pdf
    * Dionysus Blazakis, “Interpreter exploitation”. In: Proceedings of the 4th USENIX Workshop on Offensive Technologies, 2010. url: https://www.usenix.org/legacy/events...s/Blazakis.pdf




    []
    Last edited by number6; June 8, 2022, 15:17.

  • #2
    Slides are available here: https://media.defcon.org/DEF%20CON%2...hellcoding.pdf

    Code is available here: https://github.com/RischardV/emoji-shellcoding

    Enj🙂y!

    Comment


    • #3
      Note: since the slides on the DEFCON media server are not up-to-date, use the link to the slides from the GitHub repository instead.

      (PS: Defcon team, why can't I simply edit my previous post?)

      Comment


      • number6
        number6 commented
        Editing a comment
        Spammers often post messages without spam, then edit them to show spam. We have ~3-5 minute window for edits of posts by users to fix typos or problems. We previously had a method for active users to get promoted to a different account with more features like being able to edit content for 24 hours, but that was abandoned ~2 years ago because of other problems.
    Working...
    X