WEBVTT

1
00:00:00.040 --> 00:00:01.639
<v Speaker 1>Ever get that feeling, you know, that feeling when a

2
00:00:01.639 --> 00:00:03.919
<v Speaker 1>book title just kind of hits you and you're like, whoa,

3
00:00:04.240 --> 00:00:07.040
<v Speaker 1>this is the real deal. Yeah, that's how it was

4
00:00:07.120 --> 00:00:09.679
<v Speaker 1>for me opening up Offensive Shellcode from Scratch.

5
00:00:09.960 --> 00:00:10.199
<v Speaker 2>Yeah.

6
00:00:10.199 --> 00:00:13.359
<v Speaker 1>It's like almost like a guidebook for serious hackers,

7
00:00:13.359 --> 00:00:14.000
<v Speaker 1>wouldn't you say?

8
00:00:14.039 --> 00:00:16.600
<v Speaker 2>Definitely. It sounds intense, intense.

9
00:00:16.679 --> 00:00:19.719
<v Speaker 1>Yeah, And we're not talking about just any hacker. We're

10
00:00:19.719 --> 00:00:24.280
<v Speaker 1>talking about those APT groups, right? Right, the advanced

11
00:00:24.399 --> 00:00:28.760
<v Speaker 1>persistent threat. So real masters. Masters, exactly, the ones who

12
00:00:28.800 --> 00:00:31.839
<v Speaker 1>are like so good they can get into anything, and.

13
00:00:31.719 --> 00:00:34.759
<v Speaker 2>They slip past all those fancy security measures we think are.

14
00:00:34.679 --> 00:00:38.079
<v Speaker 1>So great exactly, and shell code this is this is

15
00:00:38.159 --> 00:00:40.560
<v Speaker 1>like one of their like their secret.

16
00:00:40.159 --> 00:00:44.280
<v Speaker 2>Weapons, right absolutely. What's wild is that shell code. It's

17
00:00:44.359 --> 00:00:48.679
<v Speaker 2>not like some big complex program, you know, it's more

18
00:00:48.799 --> 00:00:51.880
<v Speaker 2>like think of it like a tiny little set of instructions, okay,

19
00:00:52.079 --> 00:00:55.119
<v Speaker 2>hidden within the software itself, just waiting to be triggered.

20
00:00:55.399 --> 00:00:59.920
<v Speaker 2>And often they're using vulnerabilities that the creators, the software developers,

21
00:01:00.240 --> 00:01:01.960
<v Speaker 2>had no clue were even there.

22
00:01:02.359 --> 00:01:05.319
<v Speaker 1>So it's like a secret passageway but built right into

23
00:01:05.400 --> 00:01:06.959
<v Speaker 1>the walls of say a.

24
00:01:06.959 --> 00:01:10.719
<v Speaker 2>Fortress exactly, and you'd be amazed how they find these

25
00:01:10.799 --> 00:01:15.079
<v Speaker 2>vulnerabilities something as simple as clicking a malicious link on LinkedIn,

26
00:01:15.200 --> 00:01:16.680
<v Speaker 2>you know, disguised as a job offer.

27
00:01:16.760 --> 00:01:18.760
<v Speaker 1>Oh yeah, I've heard about those like that campaign back

28
00:01:18.760 --> 00:01:19.640
<v Speaker 1>in twenty twenty one.

29
00:01:19.640 --> 00:01:21.879
<v Speaker 2>Right, exactly, that tricky stuff.

30
00:01:22.079 --> 00:01:28.079
<v Speaker 1>It's scary how something so small, so seemingly insignificant, can

31
00:01:28.200 --> 00:01:31.719
<v Speaker 1>have such huge consequences. The book keeps talking about how

32
00:01:31.799 --> 00:01:34.879
<v Speaker 1>lightweight and efficient good shell code is almost like a

33
00:01:34.879 --> 00:01:37.480
<v Speaker 1>badge of honor, you know, amongst these APT groups.

34
00:01:37.519 --> 00:01:40.319
<v Speaker 2>Oh absolutely, it has to be because they're operating within

35
00:01:40.359 --> 00:01:42.840
<v Speaker 2>the very fabric of the software you see, right, and

36
00:01:42.879 --> 00:01:45.400
<v Speaker 2>they often have very limited space to work with. So

37
00:01:45.760 --> 00:01:49.719
<v Speaker 2>every single line of code has to count maximum impact,

38
00:01:50.000 --> 00:01:51.599
<v Speaker 2>minimal code. That's the name of the game.

39
00:01:51.640 --> 00:01:54.200
<v Speaker 1>Okay, I get it. Efficiency is key, But when we

40
00:01:54.239 --> 00:01:57.239
<v Speaker 1>talk about the actual damage, the real world impact, what

41
00:01:57.280 --> 00:01:59.719
<v Speaker 1>are we talking about? What's a payload in this whole

42
00:02:00.159 --> 00:02:00.680
<v Speaker 1>code equation?

43
00:02:00.840 --> 00:02:03.560
<v Speaker 2>Good question. Think of it this way. You know, those

44
00:02:03.599 --> 00:02:06.159
<v Speaker 2>messages in a bottle people throw into the ocean. The

45
00:02:06.200 --> 00:02:09.960
<v Speaker 2>bottle itself, that's just the delivery mechanism. It's the message

46
00:02:09.960 --> 00:02:13.360
<v Speaker 2>inside that really matters. So the shell code that's your bottle.

47
00:02:13.560 --> 00:02:17.080
<v Speaker 2>It's expertly crafted to reach its target. But it's the payload,

48
00:02:17.159 --> 00:02:19.800
<v Speaker 2>that message inside that actually makes something happen.

49
00:02:19.919 --> 00:02:22.840
<v Speaker 1>So the payload could be anything from like stealing your

50
00:02:22.879 --> 00:02:25.039
<v Speaker 1>data to taking over your entire.

51
00:02:24.840 --> 00:02:27.840
<v Speaker 2>Computer precisely, and one of the most common ways this

52
00:02:27.960 --> 00:02:32.199
<v Speaker 2>happens is through something called a buffer overflow attack. Imagine

53
00:02:32.199 --> 00:02:34.400
<v Speaker 2>a box, right, and you try to force something way

54
00:02:34.400 --> 00:02:38.120
<v Speaker 2>too big inside take a burst exactly. That's a buffer

55
00:02:38.159 --> 00:02:42.479
<v Speaker 2>overflow in a nutshell, attackers exploit weaknesses in a program's code,

56
00:02:42.840 --> 00:02:45.800
<v Speaker 2>making it accept more data than it can handle. This

57
00:02:45.919 --> 00:02:49.400
<v Speaker 2>extra data, this overflow, it spills over into other areas

58
00:02:49.400 --> 00:02:52.439
<v Speaker 2>of the system's memory, and in some cases it overwrites

59
00:02:52.479 --> 00:02:53.479
<v Speaker 2>important data.

60
00:02:53.520 --> 00:02:55.479
<v Speaker 1>And that's where the shell code comes in, right, hiding

61
00:02:55.479 --> 00:02:57.919
<v Speaker 1>in that overflow, just waiting to pounce. Exactly.

62
00:02:58.120 --> 00:03:00.879
<v Speaker 2>If it's done right, the shell code can actually redirect

63
00:03:00.919 --> 00:03:03.639
<v Speaker 2>the entire flow of the program, making it run the

64
00:03:03.639 --> 00:03:06.599
<v Speaker 2>malicious instructions that are hidden within the payload. And this

65
00:03:07.039 --> 00:03:09.560
<v Speaker 2>is where those APT groups, those elite hackers, they really

66
00:03:09.599 --> 00:03:10.599
<v Speaker 2>get sophisticated.

67
00:03:10.960 --> 00:03:13.599
<v Speaker 1>Yeah, the book gave an example, something about the Lazarus group.

68
00:03:13.759 --> 00:03:17.240
<v Speaker 2>Oh right, the researchers over at Check Point, they discovered that

69
00:03:17.319 --> 00:03:20.599
<v Speaker 2>this group. They used a harmless looking macro to hide

70
00:03:20.680 --> 00:03:23.560
<v Speaker 2>a really advanced piece of shell code. Wow, and this

71
00:03:23.639 --> 00:03:26.560
<v Speaker 2>allowed them to slip past all the typical defenses and

72
00:03:26.639 --> 00:03:30.120
<v Speaker 2>deliver their malicious payload right under everyone's noses.

73
00:03:30.599 --> 00:03:33.319
<v Speaker 1>That's some real spy thriller stuff right there. It makes

74
00:03:33.360 --> 00:03:35.919
<v Speaker 1>you wonder what other tricks these guys have up their sleeves. Right,

75
00:03:36.400 --> 00:03:39.360
<v Speaker 1>Speaking of tricks, this book it goes into all these

76
00:03:39.360 --> 00:03:41.960
<v Speaker 1>different types of shell code. It's like a whole secret world.

77
00:03:42.000 --> 00:03:45.840
<v Speaker 2>Oh absolutely, It's incredibly diverse. There's no one size fits

78
00:03:45.840 --> 00:03:48.800
<v Speaker 2>all approach. Each type has its own unique way of

79
00:03:48.879 --> 00:03:52.719
<v Speaker 2>exploiting a system. You know, its strengths, its weaknesses.

80
00:03:53.080 --> 00:03:56.360
<v Speaker 1>Like what exactly is egg hunter shell code? I gotta

81
00:03:56.400 --> 00:03:58.560
<v Speaker 1>admit it sounds kind of fun, like an Easter egg

82
00:03:58.599 --> 00:03:59.719
<v Speaker 1>hunt in the digital.

83
00:03:59.400 --> 00:04:02.120
<v Speaker 2>World's right. Yeah, egg hunter? It does have a certain

84
00:04:02.199 --> 00:04:04.199
<v Speaker 2>ring to it. Yeah, but trust me, it's not as

85
00:04:04.199 --> 00:04:05.080
<v Speaker 2>innocent as it sounds.

86
00:04:05.120 --> 00:04:07.240
<v Speaker 1>Okay, so not your average Easter egg hunt.

87
00:04:07.000 --> 00:04:11.039
<v Speaker 2>Then not quite. It's actually a really clever technique. Imagine this.

88
00:04:12.120 --> 00:04:15.439
<v Speaker 2>An attacker finds a vulnerability, but there's not a lot

89
00:04:15.439 --> 00:04:17.240
<v Speaker 2>of room to inject their shell code.

90
00:04:17.600 --> 00:04:19.759
<v Speaker 1>Okay, so they got to be sneaky about it exactly.

91
00:04:19.800 --> 00:04:22.959
<v Speaker 2>They need something small, something super efficient that can then

92
00:04:23.199 --> 00:04:25.560
<v Speaker 2>find the rest of their malicious.

93
00:04:25.040 --> 00:04:28.040
<v Speaker 1>Code, like a scout right going ahead to secure the

94
00:04:28.079 --> 00:04:29.800
<v Speaker 1>area before the main force arrives.

95
00:04:29.879 --> 00:04:33.600
<v Speaker 2>Perfect analogy. That's your egg hunter code. It goes in

96
00:04:33.680 --> 00:04:37.120
<v Speaker 2>first plants a unique marker the egg somewhere in the

97
00:04:37.120 --> 00:04:40.879
<v Speaker 2>system's memory, and that then it releases this tiny piece

98
00:04:40.879 --> 00:04:44.319
<v Speaker 2>of code that's designed to scan for that specific marker.

99
00:04:44.480 --> 00:04:46.879
<v Speaker 2>I'm with you so far, and once it finds it, boom,

100
00:04:47.000 --> 00:04:49.399
<v Speaker 2>it knows where to pull in the bigger, more complex

101
00:04:49.480 --> 00:04:50.199
<v Speaker 2>shell code.

102
00:04:50.360 --> 00:04:52.680
<v Speaker 1>So it's not about brute force, it's more about being

103
00:04:52.720 --> 00:04:57.680
<v Speaker 1>smart using the system's own memory against itself. This book

104
00:04:57.720 --> 00:05:00.720
<v Speaker 1>really makes you appreciate the creativity involved.

105
00:05:00.399 --> 00:05:02.560
<v Speaker 2>In all this, oh yeah, for sure. And speaking of

106
00:05:02.600 --> 00:05:06.319
<v Speaker 2>creative reflective DLL injection, that's another one that caught my eye.

107
00:05:06.399 --> 00:05:07.800
<v Speaker 2>Sounds like something out of a spy.

108
00:05:07.680 --> 00:05:09.759
<v Speaker 1>Movie, right, tell me more about this one. It sounds

109
00:05:09.800 --> 00:05:11.240
<v Speaker 1>seriously sneaky, Oh it is.

110
00:05:11.680 --> 00:05:14.879
<v Speaker 2>This one really shows how attackers are always adapting to

111
00:05:14.879 --> 00:05:20.079
<v Speaker 2>get around security measures. So traditionally injecting a malicious DLL

112
00:05:20.199 --> 00:05:23.040
<v Speaker 2>that's a dynamic link library. It's kind of like a

113
00:05:23.079 --> 00:05:26.839
<v Speaker 2>mini program, right? Got it. Injecting that into a running process.

114
00:05:27.000 --> 00:05:30.040
<v Speaker 2>That was a pretty common way to get malicious code running.

115
00:05:30.199 --> 00:05:32.759
<v Speaker 1>Makes sense. But I'm guessing security software caught onto that

116
00:05:32.800 --> 00:05:33.439
<v Speaker 1>pretty quickly.

117
00:05:33.480 --> 00:05:36.319
<v Speaker 2>You bet they did. Antivirus programs got pretty good at

118
00:05:36.319 --> 00:05:40.000
<v Speaker 2>detecting those injected DLLs. So what did the attackers do?

119
00:05:40.639 --> 00:05:44.040
<v Speaker 2>They upped their game with reflective DLL injection.

120
00:05:44.399 --> 00:05:45.360
<v Speaker 1>Sounds ominous.

121
00:05:45.480 --> 00:05:48.720
<v Speaker 2>Instead of having a separate, suspicious looking file, they started

122
00:05:48.720 --> 00:05:52.319
<v Speaker 2>writing their malicious code directly into the target process's memory.

123
00:05:52.600 --> 00:05:56.360
<v Speaker 1>Sneaky, so it's already inside the system, disguised as something.

124
00:05:56.199 --> 00:06:00.519
<v Speaker 2>Harmless, exactly like smuggling something dangerous past security by making

125
00:06:00.519 --> 00:06:01.720
<v Speaker 2>it look like it belongs there.

126
00:06:01.920 --> 00:06:02.240
<v Speaker 1>Clever.

127
00:06:02.720 --> 00:06:04.879
<v Speaker 2>And the key to this whole disguise act is the

128
00:06:04.920 --> 00:06:05.639
<v Speaker 2>reflective loader.

129
00:06:05.680 --> 00:06:06.600
<v Speaker 1>Okay, what's that? Then?

130
00:06:06.920 --> 00:06:10.079
<v Speaker 2>It's basically this little piece of code that knows how

131
00:06:10.120 --> 00:06:13.680
<v Speaker 2>to unpack and execute that malicious code once it's safely inside.

132
00:06:13.839 --> 00:06:17.040
<v Speaker 1>So it's like the malicious code's own personal assistant making

133
00:06:17.079 --> 00:06:18.480
<v Speaker 1>sure it gets in undetected.

134
00:06:18.600 --> 00:06:19.839
<v Speaker 2>That's a great way to put it.

135
00:06:19.839 --> 00:06:22.120
<v Speaker 1>It makes you wonder how much of this is going

136
00:06:22.120 --> 00:06:23.920
<v Speaker 1>on without us even realizing it.

137
00:06:24.199 --> 00:06:27.040
<v Speaker 2>That's the thing about cybersecurity. It's this constant cat and

138
00:06:27.079 --> 00:06:30.680
<v Speaker 2>mouse game. Attackers find a new way in, defenders catch on,

139
00:06:31.000 --> 00:06:32.560
<v Speaker 2>and the cycle repeats itself.

140
00:06:32.800 --> 00:06:37.000
<v Speaker 1>And speaking of cat and mouse, what about download and execute?

141
00:06:37.360 --> 00:06:39.879
<v Speaker 1>That sounds pretty self explanatory, but I'm guessing it's more

142
00:06:39.920 --> 00:06:41.079
<v Speaker 1>complicated than it sounds.

143
00:06:41.160 --> 00:06:44.879
<v Speaker 2>You got it. This one highlights how attackers bypass those

144
00:06:44.879 --> 00:06:48.480
<v Speaker 2>security features we often take for granted. Imagine a piece

145
00:06:48.519 --> 00:06:51.560
<v Speaker 2>of shell code, right, okay, but this shell code, it's

146
00:06:51.639 --> 00:06:54.600
<v Speaker 2>like a tiny program and its whole job is to

147
00:06:54.639 --> 00:06:58.360
<v Speaker 2>slip past your defenses, get into your system and download

148
00:06:58.399 --> 00:07:01.199
<v Speaker 2>an even bigger, more malicious payload from the internet.

149
00:07:01.439 --> 00:07:03.240
<v Speaker 1>So it's like that scout again, but this time it's

150
00:07:03.279 --> 00:07:05.680
<v Speaker 1>lowering the drawbridge from the inside exactly.

151
00:07:06.319 --> 00:07:09.519
<v Speaker 2>And the sneaky part is they often use legitimate Windows

152
00:07:09.560 --> 00:07:13.319
<v Speaker 2>components to avoid detection. Wait really, yeah, the book mentioned

153
00:07:13.360 --> 00:07:15.959
<v Speaker 2>something called urlmon.dll.

154
00:07:16.199 --> 00:07:18.279
<v Speaker 1>Okay, you're losing me a bit with the technical jargon.

155
00:07:18.560 --> 00:07:22.079
<v Speaker 2>Sorry. It's basically a system library. Think of it like

156
00:07:22.199 --> 00:07:26.600
<v Speaker 2>a set of tools that Windows uses to handle Internet downloads. Right,

157
00:07:26.879 --> 00:07:30.600
<v Speaker 2>attackers figured out how to leverage functions within this library

158
00:07:30.720 --> 00:07:34.800
<v Speaker 2>to download their malicious payload without raising any red flags.

159
00:07:35.360 --> 00:07:39.079
<v Speaker 2>There's a function called URLDownloadToFile, for example.

160
00:07:39.279 --> 00:07:41.600
<v Speaker 1>Okay, I'm trusting you on the technical details here.

161
00:07:41.720 --> 00:07:45.399
<v Speaker 2>The point is they're hijacking a legitimate system process.

162
00:07:45.800 --> 00:07:48.519
<v Speaker 1>Wow. So it's like they're blending in with the crowd,

163
00:07:48.639 --> 00:07:52.920
<v Speaker 1>making their malicious activity look like normal Internet traffic exactly.

164
00:07:53.079 --> 00:07:55.480
<v Speaker 2>And that's what makes this whole field so challenging. It's

165
00:07:55.480 --> 00:07:57.240
<v Speaker 2>an ongoing battle of wits.

166
00:07:57.560 --> 00:08:00.040
<v Speaker 1>You've said it before, but it's worth repeating. Understanding

167
00:08:00.279 --> 00:08:03.800
<v Speaker 1>how these attacks work. That's the first step to protecting ourselves, right.

168
00:08:03.920 --> 00:08:07.879
<v Speaker 2>Absolutely, knowledge is power. The more we know about these tactics,

169
00:08:07.920 --> 00:08:10.279
<v Speaker 2>the better equipped we are to defend against them.

170
00:08:10.360 --> 00:08:13.800
<v Speaker 1>Right, Because cybersecurity isn't just about strong passwords anymore. It's

171
00:08:13.800 --> 00:08:17.759
<v Speaker 1>about understanding this whole complex world of attack and defense.

172
00:08:18.040 --> 00:08:20.879
<v Speaker 2>Couldn't have said it better myself. And thankfully the book

173
00:08:20.920 --> 00:08:24.040
<v Speaker 2>doesn't just leave us hanging with all this scary attack stuff.

174
00:08:24.399 --> 00:08:27.519
<v Speaker 2>It also goes into countermeasures, those defenses that are being

175
00:08:27.519 --> 00:08:30.240
<v Speaker 2>developed to stop these attacks in their tracks.

176
00:08:30.800 --> 00:08:34.039
<v Speaker 1>Okay, tell me more about those. How do you even

177
00:08:34.120 --> 00:08:37.600
<v Speaker 1>begin to defend against something as sneaky and sophisticated as

178
00:08:37.639 --> 00:08:38.399
<v Speaker 1>shell code.

179
00:08:38.759 --> 00:08:41.000
<v Speaker 2>Yeah, it's a good thing, right, because it can get

180
00:08:41.080 --> 00:08:43.120
<v Speaker 2>kind of overwhelming thinking about all the ways they can

181
00:08:43.200 --> 00:08:46.200
<v Speaker 2>get in. But I'm glad someone's out there building those defenses.

182
00:08:46.399 --> 00:08:50.000
<v Speaker 1>Oh absolutely, And trust me, for every attack out there,

183
00:08:50.039 --> 00:08:52.159
<v Speaker 1>there's a whole team of people working on ways to

184
00:08:52.200 --> 00:08:58.000
<v Speaker 1>stop it. The book dives into three main countermeasures, ASLR, DEP,

185
00:08:58.559 --> 00:08:59.559
<v Speaker 1>and stack cookies.

186
00:09:00.080 --> 00:09:03.679
<v Speaker 2>Okay, let's break those down. Then. What is ASLR all about?

187
00:09:03.840 --> 00:09:05.559
<v Speaker 2>The book made it sound like, I don't know, like

188
00:09:05.600 --> 00:09:08.039
<v Speaker 2>shuffling a deck of cards or something to confuse the attacker.

189
00:09:08.120 --> 00:09:11.200
<v Speaker 1>That's a pretty good analogy actually. ASLR stands for address

190
00:09:11.240 --> 00:09:15.440
<v Speaker 1>space layout randomization. Basically, it shuffles around the locations of

191
00:09:15.480 --> 00:09:18.360
<v Speaker 1>important data in your computer's memory. So instead of finding

192
00:09:18.360 --> 00:09:21.480
<v Speaker 1>that data at a predictable address, the attacker is left guessing.

193
00:09:21.639 --> 00:09:24.519
<v Speaker 1>So their malicious code it could end up pointing at

194
00:09:24.720 --> 00:09:28.279
<v Speaker 1>like the wrong address, causing a system crash. Instead of

195
00:09:28.279 --> 00:09:28.879
<v Speaker 1>doing what they.

196
00:09:28.759 --> 00:09:31.720
<v Speaker 2>Want exactly, it throws a wrench in their plans, makes

197
00:09:31.720 --> 00:09:34.200
<v Speaker 2>it way harder to exploit those vulnerabilities.

198
00:09:34.240 --> 00:09:38.240
<v Speaker 1>Okay, that makes sense. What about DEP? Sounds pretty serious.

199
00:09:38.480 --> 00:09:42.519
<v Speaker 2>It is. DEP, data execution prevention. That's like putting up

200
00:09:42.600 --> 00:09:45.720
<v Speaker 2>keep out signs around certain areas of your computer's memory.

201
00:09:45.879 --> 00:09:48.000
<v Speaker 1>So even if an attacker does manage to get their

202
00:09:48.039 --> 00:09:51.559
<v Speaker 1>code in, they can't actually run it in those protected areas.

203
00:09:51.639 --> 00:09:54.080
<v Speaker 2>Exactly. It's like breaking into a house but then finding

204
00:09:54.120 --> 00:09:56.639
<v Speaker 2>out you can't turn on the lights or use the kitchen.

205
00:09:56.799 --> 00:10:00.960
<v Speaker 1>You're stuck. I like it. And then there's stack cookies.

206
00:10:01.240 --> 00:10:03.759
<v Speaker 1>That sounds almost delicious, but something tells me it's.

207
00:10:03.639 --> 00:10:07.320
<v Speaker 2>Not. Definitely not as tasty as they sound. Think of

208
00:10:07.360 --> 00:10:11.360
<v Speaker 2>stack cookies like hidden alarms, strategically placed to detect if

209
00:10:11.399 --> 00:10:13.120
<v Speaker 2>someone's messing with the system's memory.

210
00:10:13.159 --> 00:10:14.879
<v Speaker 1>So it's like a way for the system to say, hey,

211
00:10:15.559 --> 00:10:16.759
<v Speaker 1>someone's trying to break in here.

212
00:10:17.120 --> 00:10:19.120
<v Speaker 2>Exactly. It's all about early detection.

213
00:10:19.559 --> 00:10:22.720
<v Speaker 1>This is fascinating stuff. But even with all these defenses,

214
00:10:22.759 --> 00:10:25.360
<v Speaker 1>it sounds like the attackers are always finding new ways to,

215
00:10:26.279 --> 00:10:29.000
<v Speaker 1>I don't know, to up their game. The book mentioned

216
00:10:29.000 --> 00:10:32.960
<v Speaker 1>something called ROP return oriented programming, and it sounds like

217
00:10:32.960 --> 00:10:35.720
<v Speaker 1>that's one way they can bypass even those clever countermeasures.

218
00:10:35.799 --> 00:10:38.519
<v Speaker 2>Yeah, unfortunately, right, ROP is a whole other level of

219
00:10:38.639 --> 00:10:42.399
<v Speaker 2>sneaky, how attackers can get around things like DEP, that

220
00:10:42.519 --> 00:10:46.519
<v Speaker 2>keep out system we talked about. Imagine an attacker

221
00:10:46.600 --> 00:10:49.519
<v Speaker 2>who wants to build a specific, I don't know, a contraption,

222
00:10:49.879 --> 00:10:52.960
<v Speaker 2>but they've only got a limited set of lego blocks. Okay,

223
00:10:53.399 --> 00:10:55.279
<v Speaker 2>so instead of building it from scratch, they got to

224
00:10:55.279 --> 00:10:58.200
<v Speaker 2>get creative, right, find new ways to combine those limited

225
00:10:58.200 --> 00:10:59.360
<v Speaker 2>pieces to get what they want.

226
00:11:00.080 --> 00:11:03.960
<v Speaker 1>ROP's like, what, repurposing existing code? Yeah, kind of like

227
00:11:04.000 --> 00:11:06.480
<v Speaker 1>finding a new use for those legos exactly.

228
00:11:06.879 --> 00:11:11.519
<v Speaker 2>With ROP, attackers use these existing code snippets. They're called gadgets,

229
00:11:11.600 --> 00:11:15.240
<v Speaker 2>and each one performs a small, specific action. By chaining

230
00:11:15.279 --> 00:11:17.840
<v Speaker 2>these gadgets together in just the right way, they can

231
00:11:17.840 --> 00:11:22.039
<v Speaker 2>actually manipulate the program, bypass those DEP restrictions, and execute

232
00:11:22.039 --> 00:11:22.960
<v Speaker 2>their own code.

233
00:11:23.039 --> 00:11:25.200
<v Speaker 1>It's like they're picking the lock on those keep out

234
00:11:25.279 --> 00:11:26.399
<v Speaker 1>signs exactly.

235
00:11:26.879 --> 00:11:29.519
<v Speaker 2>It's a constant back and forth, always trying to outsmart

236
00:11:29.559 --> 00:11:29.919
<v Speaker 2>each other.

237
00:11:30.120 --> 00:11:34.039
<v Speaker 1>Wow. This entire deep dive into Offensive Shellcode from

238
00:11:34.080 --> 00:11:37.840
<v Speaker 1>Scratch has been eye opening, to say the least. It's

239
00:11:37.840 --> 00:11:40.399
<v Speaker 1>like taking a crash course in the world of I

240
00:11:40.440 --> 00:11:43.399
<v Speaker 1>don't know, like digital espionage or something.

241
00:11:43.679 --> 00:11:46.399
<v Speaker 2>It really gives you a new perspective, doesn't it. And

242
00:11:46.440 --> 00:11:48.440
<v Speaker 2>the thing is this is just the tip of the iceberg.

243
00:11:48.519 --> 00:11:49.480
<v Speaker 1>There's always more to learn.

244
00:11:49.600 --> 00:11:53.159
<v Speaker 2>Absolutely, this field is constantly evolving, so staying ahead of

245
00:11:53.200 --> 00:11:54.320
<v Speaker 2>the curve is crucial.

246
00:11:54.600 --> 00:11:56.919
<v Speaker 1>Well said, and hey, who knows, maybe one of our

247
00:11:56.919 --> 00:12:00.039
<v Speaker 1>listeners will be the next cybersecurity expert to develop a

248
00:12:00.080 --> 00:12:05.879
<v Speaker 1>groundbreaking countermeasure. But until then, it's about staying informed, staying vigilant.

249
00:12:06.279 --> 00:12:09.159
<v Speaker 2>Couldn't agree more. Knowledge is power, folks.

250
00:12:09.000 --> 00:12:10.960
<v Speaker 1>And on that note, we'll wrap up this deep dive

251
00:12:11.000 --> 00:12:13.960
<v Speaker 1>into the world of offensive shell code. Thanks for joining us,

252
00:12:14.120 --> 00:12:15.159
<v Speaker 1>and we'll see you in the next one.
