1. Intro
2. Other Potential Titles
3. Overview
4. What is Patching
5. Security Pros and Patching
6. History of Patching
7. The MS Method
8. How Metasploit Patches
9. MSF Create Thread Method (Keep)
10. MSFVenom Win64 Patching Support
11. The Portable Executable Format
12. The Common Object File Format (COFF) Format
13. CTP Methods
14. How are code caves created?
15. Find Code Caves Demo
16. Solution: BDF
17. How BDF works
18. Original Way BDF Worked
19. DEMO - Prototyping shellcode
20. DEMO - Injector Module
21. Attack Scenarios or Methods
22. Mitigations - UPX Encoding
23. Mitigations - Self Validation
24. MSFVENOM keep vs MSFVENOM non-keep vs BDF Cave Jumping
25. win32 BDF vs win64 BDF
26. Enterprise Mitigations
27. Progress on x64 Stager
Description:
Explore the intricacies of patching Windows executables with The Backdoor Factory in this DerbyCon 3.0 conference talk by Joshua Pitts. Delve into the world of executable patching, its history, and its relevance to security professionals. Learn about various patching methods, including the MS Method and Metasploit's approach. Gain insights into the Portable Executable Format and the Common Object File Format (COFF). Witness live demonstrations on finding code caves and prototyping shellcode. Discover how The Backdoor Factory (BDF) works and its evolution. Compare different attack scenarios and methods, including MSFVENOM and BDF Cave Jumping. Examine enterprise mitigations and the progress made on x64 stagers. This comprehensive talk covers everything from basic concepts to advanced techniques in Windows executable patching, making it valuable for both beginners and experienced security professionals.

Patching Windows Executables With The Backdoor Factory
