Windows Shellcoding Techniques [2126]

Shellcoding is a crucial aspect of payload development and post exploitation red-team tooling. Functionality such as exploit payloads, inline hooks, trampolines, loader stubs, decoders, decompressors, deobfuscators, entropy control, signature evasion typically involve shellcode. Custom shellcode enables a red-teamer to evade signature-based detection that detect off-the-shelf shellcode from tools like metasploit/MSFvenom.

This class is more than just a tutorial on using assembly language; it provides a holistic coverage of code execution outside the scaffolding provided by PE files, along with Windows facilities that can be leveraged to achieve that. It builds standalone core capabilities that can be readily deployed in various red-teaming scenarios.

The focus of this class is the x64 CPU and the Windows platform. The hands-on labs are based on user-mode shellcoding, but most techniques are also applicable to kernel-mode shellcode. All labs are performed on Windows 11 23H2.