What does a cult Brezhnev-era movie have to do with how exploit code finds its bearings in a Windows process’ address space? How can cryptographically insecure hashing functions be exploited to create honeypots that thwart shellcode? We researched this as a part of our Halting Attacks Via Obstructing Configurations project, funded by DARPA Cyber Fast Track. You can read about it in the International Journal of PoC||GTFO, issue 0x12.
- Exploiting Weak Shellcode Hashes to Thwart Module Discovery; or, Go Home, Malware, You’re Drunk!
- Unintended Consequences of Equation Group Malware
- HAVOC – Halting Attacks Via Obstructing Configurations – Part One
- New World Order – When Databases Collide
- Ghost in the Shellcode 2015 Write-up, Forensics 200: “CloudFS”