Enumerating PE File Structure Security Protections and Custom Base 64 Steganography

Presented at AtlSecCon 2016 by

This talk will focus on the exploit development tool called badger and the steganography tool called chameleon. Chameleon is a custom base 64 encoder that lets you hide your data and may also have potential use in AV Evasion (Anti-Virus Evasion). There will be discussion of how it works and where you can get the code to incorporate it in your own projects. Badger is a tool designed to enumerate dynamic link libraries and their protections. The layout of the PE file structure will be discussed, along with how some of the features of badger actually work. There will be an introduction to the basic concept of how ASLR (Address Space Layout Randomization), DEP (Data Execution Prevention) and Canaries can be bypassed using ROP (Return Oriented Programming), and potentially how exploit developers can use badger in combination with these techniques to build a successful exploit. There will be a demo of the tools after the talk is completed and time for questions.