Executing Windows Malware through WSL (Bashware)

Riyaz Walikar
Oct. 24, 2017
Executing Windows Malware through WSL (Bashware)
Executing Windows Malware through WSL (Bashware)
Executing Windows Malware through WSL (Bashware)
Executing Windows Malware through WSL (Bashware)
Executing Windows Malware through WSL (Bashware)
Executing Windows Malware through WSL (Bashware)
Executing Windows Malware through WSL (Bashware)
Executing Windows Malware through WSL (Bashware)
Executing Windows Malware through WSL (Bashware)
Executing Windows Malware through WSL (Bashware)
Executing Windows Malware through WSL (Bashware)
Executing Windows Malware through WSL (Bashware)
Executing Windows Malware through WSL (Bashware)
Executing Windows Malware through WSL (Bashware)
Executing Windows Malware through WSL (Bashware)
Executing Windows Malware through WSL (Bashware)
Executing Windows Malware through WSL (Bashware)
Executing Windows Malware through WSL (Bashware)
1 of 18

Executing Windows Malware through WSL (Bashware)

Oct. 24, 2017
Download to read offline
Software

A quick talk on executing Windows binaries using Wine in WSL. This allows for a sort of hidden process execution.

Riyaz Walikar

Recommended

An Introduction to SysinternalsAn Introduction to Sysinternals
An Introduction to SysinternalsRiyaz Walikar513 views14 slides
Windows Privilege EscalationWindows Privilege Escalation
Windows Privilege EscalationRiyaz Walikar15.1K views47 slides
Windows privilege escalation by Dhruv ShahWindows privilege escalation by Dhruv Shah
Windows privilege escalation by Dhruv ShahOWASP Delhi2.2K views28 slides
Level Up! - Practical Windows Privilege EscalationLevel Up! - Practical Windows Privilege Escalation
Level Up! - Practical Windows Privilege Escalationjakx_3.5K views51 slides
How fun of privilege escalation Red Pill2017How fun of privilege escalation Red Pill2017
How fun of privilege escalation Red Pill2017Ammarit Thongthua ,CISSP CISM GXPN CSSLP CCNP3.9K views123 slides
Privilege escalation from 1 to 0 Workshop Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Hossam .M Hamed1K views60 slides

More Related Content

What's hot

Linux advanced privilege escalationLinux advanced privilege escalation
Linux advanced privilege escalationJameel Nabbo8.1K views11 slides
From zero to SYSTEM on full disk encrypted windows systemFrom zero to SYSTEM on full disk encrypted windows system
From zero to SYSTEM on full disk encrypted windows systemNabeel Ahmed9K views43 slides
Using symfony to save time, effort and sanityUsing symfony to save time, effort and sanity
Using symfony to save time, effort and sanityJoshua May969 views68 slides
J+sJ+s
J+shappyuk302 views11 slides
WIndows Kernel-Land exploitationWIndows Kernel-Land exploitation
WIndows Kernel-Land exploitationkyaw thiha134 views37 slides
Introduction to Linux Privilege Escalation MethodsIntroduction to Linux Privilege Escalation Methods
Introduction to Linux Privilege Escalation MethodsBishop Fox 1.1K views37 slides

What's hot(20)

Linux advanced privilege escalationLinux advanced privilege escalation
Linux advanced privilege escalation
Jameel Nabbo8.1K views
From zero to SYSTEM on full disk encrypted windows systemFrom zero to SYSTEM on full disk encrypted windows system
From zero to SYSTEM on full disk encrypted windows system
Nabeel Ahmed9K views
Using symfony to save time, effort and sanityUsing symfony to save time, effort and sanity
Using symfony to save time, effort and sanity
Joshua May969 views
J+sJ+s
J+s
happyuk302 views
WIndows Kernel-Land exploitationWIndows Kernel-Land exploitation
WIndows Kernel-Land exploitation
kyaw thiha134 views
Introduction to Linux Privilege Escalation MethodsIntroduction to Linux Privilege Escalation Methods
Introduction to Linux Privilege Escalation Methods
Bishop Fox 1.1K views
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesWindows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Peter Hlavaty31.1K views
Device drivers IntroductionDevice drivers Introduction
Device drivers Introduction
vijay selva251 views
Hosting Open Source Projects at the OSUOSLHosting Open Source Projects at the OSUOSL
Hosting Open Source Projects at the OSUOSL
OSU Open Source Lab2K views
Day 2 Dns Cert 4c Malicious UseDay 2 Dns Cert 4c Malicious Use
Day 2 Dns Cert 4c Malicious Use
vngundi387 views
PowerShell 2.0 remotingPowerShell 2.0 remoting
PowerShell 2.0 remoting
Ravikanth Chaganti1.3K views
Course 101: Lecture 4: A Tour in RTOS Land Course 101: Lecture 4: A Tour in RTOS Land
Course 101: Lecture 4: A Tour in RTOS Land
Ahmed El-Arabawy598 views
Introduction to operating system, system calls and interruptsIntroduction to operating system, system calls and interrupts
Introduction to operating system, system calls and interrupts
Shivam Mitra1.9K views
Buffer overflowsBuffer overflows
Buffer overflows
Sandun Perera404 views
Gnubs-pres-foss-cdac-semGnubs-pres-foss-cdac-sem
Gnubs-pres-foss-cdac-sem
Sagun Baijal315 views
Embedded Systems: Lecture 5: A Tour in RTOS LandEmbedded Systems: Lecture 5: A Tour in RTOS Land
Embedded Systems: Lecture 5: A Tour in RTOS Land
Ahmed El-Arabawy1.2K views
Post Exploitation Using MeterpreterPost Exploitation Using Meterpreter
Post Exploitation Using Meterpreter
Shubham Mittal2.2K views
Docker, Linux Containers (LXC), and securityDocker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and security
Jérôme Petazzoni51.7K views
Security research over Windows #defcon chinaSecurity research over Windows #defcon china
Security research over Windows #defcon china
Peter Hlavaty374 views
How *NOT* to firmwareHow *NOT* to firmware
How *NOT* to firmware
Amit Serper1K views

Similar to Executing Windows Malware through WSL (Bashware)

Linux Server Security and HarderingLinux Server Security and Hardering
Linux Server Security and Harderingvidalinux216 views27 slides
Kali presentationKali presentation
Kali presentationZain Ul abadin2.2K views25 slides
VCS, Containers & Low-codeVCS, Containers & Low-code
VCS, Containers & Low-codeJoel Quintyn5 views21 slides
Infosecurity.be 2019: What are relevant open source security tools you should...Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...B.A.834 views45 slides
Linux for embedded_systemsLinux for embedded_systems
Linux for embedded_systemsVandana Salve1.9K views16 slides
Anti-virus Mechanisms and Various Ways to Bypass Antivirus detectionAnti-virus Mechanisms and Various Ways to Bypass Antivirus detection
Anti-virus Mechanisms and Various Ways to Bypass Antivirus detectionNeel Pathak7.4K views40 slides

Similar to Executing Windows Malware through WSL (Bashware)(20)

Linux Server Security and HarderingLinux Server Security and Hardering
Linux Server Security and Hardering
vidalinux216 views
Kali presentationKali presentation
Kali presentation
Zain Ul abadin2.2K views
VCS, Containers & Low-codeVCS, Containers & Low-code
VCS, Containers & Low-code
Joel Quintyn5 views
Infosecurity.be 2019: What are relevant open source security tools you should...Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...
B.A.834 views
Linux for embedded_systemsLinux for embedded_systems
Linux for embedded_systems
Vandana Salve1.9K views
Anti-virus Mechanisms and Various Ways to Bypass Antivirus detectionAnti-virus Mechanisms and Various Ways to Bypass Antivirus detection
Anti-virus Mechanisms and Various Ways to Bypass Antivirus detection
Neel Pathak7.4K views
LinuxLinux
Linux
CIIT Wahcantt, Taxila distt. Rawalpindi Pakistan216 views
Inspec: Turn your compliance, security, and other policy requirements into au...Inspec: Turn your compliance, security, and other policy requirements into au...
Inspec: Turn your compliance, security, and other policy requirements into au...
Kangaroot435 views
InSpec - June 2018 at Open28.beInSpec - June 2018 at Open28.be
InSpec - June 2018 at Open28.be
Mandi Walls278 views
1 artem mygaiev - testing open-source software in embedded devices1 artem mygaiev - testing open-source software in embedded devices
1 artem mygaiev - testing open-source software in embedded devices
Ievgenii Katsan44 views
Lions, Tigers and Deers: What building zoos can teach us about securing micro...Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Sysdig 612 views
Building next gen malware behavioural analysis environment Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment
isc2-hellenic629 views
Version Control and Continuous IntegrationVersion Control and Continuous Integration
Version Control and Continuous Integration
Geff Henderson Chang4.8K views
Vulnex app secusa2013Vulnex app secusa2013
Vulnex app secusa2013
drewz lin1.2K views
EMBA - Firmware analysis DEFCON30 demolabs USA 2022EMBA - Firmware analysis DEFCON30 demolabs USA 2022
EMBA - Firmware analysis DEFCON30 demolabs USA 2022
MichaelM85042155 views
WTF my container just spawned a shell!WTF my container just spawned a shell!
WTF my container just spawned a shell!
Sysdig 56.9K views
Unit 6 Operating System TEIT Savitribai Phule Pune University by Tushar B KuteUnit 6 Operating System TEIT Savitribai Phule Pune University by Tushar B Kute
Unit 6 Operating System TEIT Savitribai Phule Pune University by Tushar B Kute
Tushar B Kute3.8K views
Linx privx privileges-sudo misconfiguration group and docker daemon privilegesLinx privx privileges-sudo misconfiguration group and docker daemon privileges
Linx privx privileges-sudo misconfiguration group and docker daemon privileges
AliBawazeEer225 views
Overview on Open Source Technology.pptxOverview on Open Source Technology.pptx
Overview on Open Source Technology.pptx
DrRShaliniVISTAS28 views
Securing Docker ContainersSecuring Docker Containers
Securing Docker Containers
Black Duck by Synopsys5.9K views

Recently uploaded

Salesforce @AXA.pdfSalesforce @AXA.pdf
Salesforce @AXA.pdfPatrickYANG489 views13 slides
DevOps and SF.pdfDevOps and SF.pdf
DevOps and SF.pdfPatrickYANG485 views28 slides
A Guide to Java Dynamic Proxies and It in CodingA Guide to Java Dynamic Proxies and It in Coding
A Guide to Java Dynamic Proxies and It in CodingMikeConner226 views4 slides
TorfsBot or Not? Evaluating User Perception on Imitative Text Generation (CLI...TorfsBot or Not? Evaluating User Perception on Imitative Text Generation (CLI...
TorfsBot or Not? Evaluating User Perception on Imitative Text Generation (CLI...Thomas Winters11 views26 slides
Document WhatsApp MessagingDocument WhatsApp Messaging
Document WhatsApp MessagingGeminate Consultancy Services11 views45 slides
Why Should You Choose a Personal Trainer over Group Gym Classes?  Why Should You Choose a Personal Trainer over Group Gym Classes?  
Why Should You Choose a Personal Trainer over Group Gym Classes?  Neighborhood Trainer38 views8 slides

Recently uploaded(20)

Salesforce @AXA.pdfSalesforce @AXA.pdf
Salesforce @AXA.pdf
PatrickYANG489 views
DevOps and SF.pdfDevOps and SF.pdf
DevOps and SF.pdf
PatrickYANG485 views
A Guide to Java Dynamic Proxies and It in CodingA Guide to Java Dynamic Proxies and It in Coding
A Guide to Java Dynamic Proxies and It in Coding
MikeConner226 views
TorfsBot or Not? Evaluating User Perception on Imitative Text Generation (CLI...TorfsBot or Not? Evaluating User Perception on Imitative Text Generation (CLI...
TorfsBot or Not? Evaluating User Perception on Imitative Text Generation (CLI...
Thomas Winters11 views
Document WhatsApp MessagingDocument WhatsApp Messaging
Document WhatsApp Messaging
Geminate Consultancy Services11 views
Why Should You Choose a Personal Trainer over Group Gym Classes?  Why Should You Choose a Personal Trainer over Group Gym Classes?  
Why Should You Choose a Personal Trainer over Group Gym Classes?  
Neighborhood Trainer38 views
Domain storytelling-one size fit all processDomain storytelling-one size fit all process
Domain storytelling-one size fit all process
Michael Chen10 views
Road to NODES 2023: Graphing Relational DatabasesRoad to NODES 2023: Graphing Relational Databases
Road to NODES 2023: Graphing Relational Databases
Neo4j55 views
Improving User Experience with Our Website Feedback ToolImproving User Experience with Our Website Feedback Tool
Improving User Experience with Our Website Feedback Tool
Not8 App15 views
Workflow Engines & Event Streaming Brokers - Can they work together? [Current...Workflow Engines & Event Streaming Brokers - Can they work together? [Current...
Workflow Engines & Event Streaming Brokers - Can they work together? [Current...
Natan Silnitsky120 views
MicroK8s 1.28 - MicroCeph on MicroK8s.pdfMicroK8s 1.28 - MicroCeph on MicroK8s.pdf
MicroK8s 1.28 - MicroCeph on MicroK8s.pdf
Konstantinos Tsakalozos9 views
Our Story, Orange NileOur Story, Orange Nile
Our Story, Orange Nile
ManolodelaFuente116 views
The Never Landing Stream with HTAP and StreamingThe Never Landing Stream with HTAP and Streaming
The Never Landing Stream with HTAP and Streaming
Timothy Spann174 views
COA.pptxCOA.pptx
COA.pptx
GoluTiwari2211 views
baklink.docxbaklink.docx
baklink.docx
AbdAsisHusainSalam5 views
Endlich gute API Tests. Boldly Testing APIs Where No One Has Tested Before.Endlich gute API Tests. Boldly Testing APIs Where No One Has Tested Before.
Endlich gute API Tests. Boldly Testing APIs Where No One Has Tested Before.
QAware GmbH11 views
Alliance Expedition BattleAlliance Expedition Battle
Alliance Expedition Battle
Silver Caprice1.5K views
PostgreSQL ProloguePostgreSQL Prologue
PostgreSQL Prologue
Md. Golam Hossain14 views
Co-creating with UX and Software RabobankCo-creating with UX and Software Rabobank
Co-creating with UX and Software Rabobank
SimonedeGijt13 views
Cloud Powered Dynamo for Dynamics 365 FO Payroll Management Improves Efficien...Cloud Powered Dynamo for Dynamics 365 FO Payroll Management Improves Efficien...
Cloud Powered Dynamo for Dynamics 365 FO Payroll Management Improves Efficien...
Dynamics Business Solutions10 views

Executing Windows Malware through WSL (Bashware)