Part 2: Shellcode Execution with Python | Joff Thyer

🏫 Learn Introduction to Python with Joff Thyer from Antisyphon
00:00 - Part 2 : Allocating Memory
00:36 - How to create a Heap!
01:24 - Python Function Prototypes
02:19 - Generating the Shellcode
03:20 - Copying the Shellcode to memory
04:10 - Create the Thread and Wait!
04:36 - Script Part 1: Import / Class Def.
05:09 - Script Part 2: Constants / Prototypes
05:59 - Script Part 3: __init__ Detects Platform
06:54 - Script Part 4: Shellcode Execution
11:03 - But Wait… Shellcode might be detected
12:08 - The XOR bit flip!
12:58 - XOR multiple bytes
14:31 - Sample Python Byte Encryption Script
15:25 - Encrypting MSFVenom Shellcode
16:16 - What about process injection
16:53 - Process Injection in Brief
17:45 - What process target?
18:24 - My method to find a process
20:12 - Injection API Call Sequence
Description: Imagine you are pen testing a company and gain access to a Windows application server. You discover the server has application allow listing deployed, and strong EDR/XDR defensive solutions. To your excitement, you find there is a Python interpreter installed. It would be really great if you could use that Python interpreter to execute your favorite C2 framework shellcode and use all of your normal hacking toolsets to continue your work. With a little bit of coding work, you can! In this Black Hills Information Security (BHIS) webcast, you will learn exactly how to achieve your goal of shellcode execution with Python.
Tiny repo with demo code:
Slides:
#redteaming #cybersecurity #python #redteam #Demo