Syscalls in Shellcode - Techniques for Malicious Functionality
Hack In The Box Security Conference via YouTube
Overview
Explore advanced techniques for utilizing Windows syscalls in shellcode during this in-depth conference talk. Delve into the challenges of using syscalls in Windows environments, including the portability problem associated with system service numbers (SSNs). Learn about ShellWasp, a tool designed to overcome these challenges and enable direct syscall usage in shellcode. Gain insights into the rarity of syscall implementation in Windows shellcode and understand the complexities involved in their execution. Witness demonstrations of shellcode comprised of multiple Windows syscalls, including an elaborate example utilizing 10 syscalls. Discover the nuances and gotchas of working with syscalls in shellcode compared to traditional WinAPI approaches. Examine how ShellWasp addresses portability issues and generates shellcode templates with labeled syscalls and parameters. Acquire a deep understanding of syscall mechanics in modern Windows operating systems, including Windows 7, 10, and 11. Uncover a novel method for invoking Windows syscalls in WoW64 environments, adding stealth to your code. Master this elite, state-of-the-art approach to shellcode development and expand your knowledge of advanced offensive security techniques.
Syllabus
#HITB2023AMS D1T2 - Syscalls In Shellcode: Techniques For Malicious Functionality - B. Brizendine
Taught by
Hack In The Box Security Conference