XOR ECX 0x00 What The ShellCode (Part 2) - James Haughom Jr.
In this presentation, titled What The Shellcode, James Haughom Jr. (@rnranalysis) continues from Part 1 of the talk and gives a deep dive into analyzing Windows x86 shellcode.
Unfortunately the lighting was not great for this presentation and James's screen is washed out for a large portion of the presentation. Please see James's blog post for another walkthrough of the sample mentioned in the presentation. http://rinseandrepeatanalysis.blogspo...
XOR ECX (named for the combination of the company name and ECX, the general-purpose counter register in assembly language) is a bimonthly mini-conference hosted by XOR Security. The first event, XOR ECX 0x00, was held in January of 2019. The purpose of XOR ECX is to give security professionals an opportunity to share information with their fellow security professionals, as well as the opportunity to practice, with a smaller audience, a talk they may be working on for a larger conference such as ShmooCon, DEFCON, etc. In addition to the presentation, other activities such as a Capture the Flag (CTF), Splunk Boss of The SOC (BOTS), etc. are held after the presentation wraps up.
James's blog: http://rinseandrepeatanalysis.blogspo...
James's Twitter: https://twitter.com/rnranalysis
XOR Security's site: https://www.xorsecurity.com/