Overview
Explore advanced memory evasion techniques in this DEF CON 31 conference talk focusing on Thread Stack Spoofing and novel approaches to call stack manipulation. Dive into two groundbreaking techniques, "Full Moon" and "Half Moon," which create sophisticated methods for tampering with call stacks while maintaining logical validity and evading detection. Learn about the innovative Eclipse detection algorithm, specifically designed to identify these tampering techniques through enhanced RtlVirtualUnwind functionality and strict instruction checking. Understand the performance, limitations, and potential combinations of these techniques to create more robust call stack tampering methods. Gain valuable insights into the evolving landscape of cyber defense and memory evasion, essential knowledge for security professionals and researchers working to combat sophisticated threats in process memory manipulation.
Syllabus
DEF CON 31 - StackMoonwalk - Alessandro Magnosi, Arash Parsa, Athanasios Tserpelis
Taught by
DEFCONConference