When You Are Attacked… by the Government

Reported to us-cert.gov:

Return-Path: Reta.Brewer@ihs.gov
Received: from mail.digitaloperatives.com (LHLO mail.digitaloperatives.com) by mail.digitaloperatives.com (Postfix) with ESMTP id D64E0506D5F
Authentication-Results: mail.digitaloperatives.com ; dkim=pass...

Exploiting Weak Shellcode Hashes to Thwart Module Discovery; or, Go Home, Malware, You’re Drunk!

What does a cult Brezhnev-era movie have to do with how exploit code finds its bearings in a Windows process’ address space? How can cryptographically insecure hashing functions be exploited to create honeypots that thwart shellcode? We researched this as a part of our Halting Attacks Via Obstructing Configurations project, funded by DARPA Cyber Fast Track. You can read about it in the International Journal of PoC||GTFO, issue 0x12.