When I’ve firstly seen the technique behind the Shellcode execution through Microsoft Windows Callbacks, I thought it was pure magic. But then, digging a little bit on it, I figured out that it was just brilliant ! Nowadays this technique is quite used in underground communities to inject shellcode into running processes so I decided to write a blog post to make clear to cybersecurity analysts how to deal with it. The takeaway of the day is: Don’t trust your callback function anymore! Running Shellcode Through Windows Callbacks
so.cl
Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer