Uploaded byVeilFramework
PDF, PPTX4,317 views

Veil-Ordnance

The document discusses shellcode generation methods used in exploits, primarily focusing on the need for a new tool called veil-ordnance that efficiently generates shellcode without reliance on external tools like msfvenom, which can lead to parsing issues. It outlines command line options available in veil-ordnance for different payloads and encoders, and highlights the contribution of Jon Yates in developing these payloads. The author invites feedback and collaboration on encoders and provides contact information for further inquiries.

Embed presentation

Download as PDF, PPTX
Veil-Ordnance @ChrisTruncer
Shellcode Generation Shellcode is commonly the medium for payloads within exploits Typically, it’s generated using one of two methods msfvenom msfpayload | mefencode Unless custom written, most people rely on MSF
Veil-Evasion We “outsource” our shellcode generation capabilities Reliance on outside tools can cause problems If msfvenom output changes, our parsing breaks This has happened twice Speed - MSF slow to start (even with simplified framework)
What we need We need a tool that generates shellcode Output doesn’t change Allows us to easily control what we want to parse Still provide some bad character avoidance capabilities Speed is always nice too
Veil-Ordnance
Command Line Driven
Command Line Options -p = Stager Type rev_tcp… - -ip = IP (or domain) to connect to - -port = Port to connect to or listen on -e = encoder name xor -b = bad characters - -print-stats = size, name, etc. - -list-payloads - -list-encoders
Verbose Output
Veil-Ordnance Info Six different payloads Tried to base off of my experience as most common (rev_tcp, bind_tcp, rev_https, rev_http, rev_tcp_dns, rev_tcp_all_ports) All payloads have been ported from the Metasploit Framework - i.e. I did not write the shellcode! Jon Yates (@redbeardsec) really helped with diving in to learn how these are generated 1 Encoder Single Byte Xor Encoder - Developed by Justin Warner (@sixdub)
Demo Time
I Need Help! Encoders! Please, send me any/all python POCs! Slowly working through msf encoders Feedback, bugs, etc.!
Thanks! Questions? Get in touch! @ChrisTruncer or @veilframework https://www.veil-framework.com https://www.christophertruncer.com https://github.com/Veil-Framework #Veil on Freenode Chris at veil-framework dot com

More Related Content

PPTX
The Veil-Framework
byVeilFramework
 
PDF
Ever Present Persistence - Established Footholds Seen in the Wild
byCTruncer
 
PDF
The Supporting Role of Antivirus Evasion while Persisting
byCTruncer
 
PDF
AV Evasion with the Veil Framework
byVeilFramework
 
PDF
AntiVirus Evasion Reconstructed - Veil 3.0
byCTruncer
 
PDF
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000
byCTruncer
 
PDF
Higher Level Malware
byCTruncer
 
PDF
A Battle Against the Industry - Beating Antivirus for Meterpreter and More
byCTruncer
 
The Veil-Framework
byVeilFramework
 
Ever Present Persistence - Established Footholds Seen in the Wild
byCTruncer
 
The Supporting Role of Antivirus Evasion while Persisting
byCTruncer
 
AV Evasion with the Veil Framework
byVeilFramework
 
AntiVirus Evasion Reconstructed - Veil 3.0
byCTruncer
 
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000
byCTruncer
 
Higher Level Malware
byCTruncer
 
A Battle Against the Industry - Beating Antivirus for Meterpreter and More
byCTruncer
 

What's hot

PDF
The State of the Veil Framework
byVeilFramework
 
PDF
Pentester++
byCTruncer
 
PDF
Bringing Down the House - How One Python Script Ruled Over AntiVirus
byCTruncer
 
PDF
An EyeWitness View into your Network
byCTruncer
 
PPTX
Patching Windows Executables with the Backdoor Factory | DerbyCon 2013
bymidnite_runr
 
PDF
The Art of AV Evasion - Or Lack Thereof
byCTruncer
 
PPTX
Hacking - Breaking Into It
byCTruncer
 
PDF
Egress-Assess and Owning Data Exfiltration
byCTruncer
 
PPTX
CheckPlease - Payload-Agnostic Implant Security
byBrandon Arvanaghi
 
PDF
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
byCTruncer
 
PDF
CheckPlease: Payload-Agnostic Targeted Malware
byBrandon Arvanaghi
 
PDF
Passive Intelligence Gathering and Analytics - It's All Just Metadata!
byCTruncer
 
PDF
Finding Needles in Haystacks
bysnyff
 
PDF
Why Rust? - Matthias Endler - Codemotion Amsterdam 2016
byCodemotion
 
PPT
Rust Programming Language
byJaeju Kim
 
PDF
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
byMario Heiderich
 
PPTX
S2 e (selective symbolic execution) -shivkrishna a
byCysinfo Cyber Security Community
 
PDF
Deep drive into rust programming language
byVigneshwer Dhinakaran
 
PDF
XFLTReat: a new dimension in tunnelling
byShakacon
 
PDF
Exploitation and State Machines
byMichael Scovetta
 
The State of the Veil Framework
byVeilFramework
 
Pentester++
byCTruncer
 
Bringing Down the House - How One Python Script Ruled Over AntiVirus
byCTruncer
 
An EyeWitness View into your Network
byCTruncer
 
Patching Windows Executables with the Backdoor Factory | DerbyCon 2013
bymidnite_runr
 
The Art of AV Evasion - Or Lack Thereof
byCTruncer
 
Hacking - Breaking Into It
byCTruncer
 
Egress-Assess and Owning Data Exfiltration
byCTruncer
 
CheckPlease - Payload-Agnostic Implant Security
byBrandon Arvanaghi
 
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
byCTruncer
 
CheckPlease: Payload-Agnostic Targeted Malware
byBrandon Arvanaghi
 
Passive Intelligence Gathering and Analytics - It's All Just Metadata!
byCTruncer
 
Finding Needles in Haystacks
bysnyff
 
Why Rust? - Matthias Endler - Codemotion Amsterdam 2016
byCodemotion
 
Rust Programming Language
byJaeju Kim
 
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
byMario Heiderich
 
S2 e (selective symbolic execution) -shivkrishna a
byCysinfo Cyber Security Community
 
Deep drive into rust programming language
byVigneshwer Dhinakaran
 
XFLTReat: a new dimension in tunnelling
byShakacon
 
Exploitation and State Machines
byMichael Scovetta
 

Similar to Veil-Ordnance

PDF
Reverse engineering - Shellcodes techniques
byEran Goldstein
 
PDF
Dive into exploit development
byPayampardaz
 
TXT
Msfpayload/Msfencoder cheatsheet
byCe.Se.N.A. Security
 
PPTX
Adventures in Asymmetric Warfare
byWill Schroeder
 
PPTX
Pentesting tricks - Out with Powershell, in with C#
byMichelangelo Sidagni
 
PPTX
THE VEIL FRAMEWORK
bySukesh Shetty
 
ODP
Metasploit Framework Executable Encoding
bytechnology_flow
 
PDF
Metasploit Humla for Beginner
byn|u - The Open Security Community
 
PDF
Format String Exploitation
byUTD Computer Security Group
 
Reverse engineering - Shellcodes techniques
byEran Goldstein
 
Dive into exploit development
byPayampardaz
 
Msfpayload/Msfencoder cheatsheet
byCe.Se.N.A. Security
 
Adventures in Asymmetric Warfare
byWill Schroeder
 
Pentesting tricks - Out with Powershell, in with C#
byMichelangelo Sidagni
 
THE VEIL FRAMEWORK
bySukesh Shetty
 
Metasploit Framework Executable Encoding
bytechnology_flow
 
Metasploit Humla for Beginner
byn|u - The Open Security Community
 
Format String Exploitation
byUTD Computer Security Group
 

Recently uploaded

PDF
React Mastery: Visual Mental Models to Understand React Deeply
byThomas Gaye
 
PPTX
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
PDF
Transcript: What Thema can do: Leveraging metadata to support the discoverabi...
byBookNet Canada
 
PDF
Taxonomy Alignment for SDG Tagging - ASHA Case Study
byEnterprise Knowledge
 
PDF
What Thema can do: Leveraging metadata to support the discoverability of Firs...
byBookNet Canada
 
PDF
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
PPTX
TechSprint WinterHack — Top 10 Teams Pitching Session we are excited for pit...
bybajpaitusharoffon678
 
PDF
Bettersize | BeSEC Series Product Brochure
byBettersize Instruments
 
PDF
Adapt.com Seed Fundraising Deck | The AI Computer for Business
byashley459565
 
PDF
Certified AI-Empowered SAFe 6 Scrum Master.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
PPTX
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
PPTX
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
PDF
AI-Powered Alert Analysis with ClickHouse - DB Mastery Jan'26
byAlkin Tezuysal
 
PDF
Fortinet Certified Fundamentals in Cybersecurity
byVICTOR MAESTRE RAMIREZ
 
PDF
TrustArc Webinar - From Zero to Privacy Hero: Launching Your Program Right an...
byTrustArc
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
PDF
How to Design Premium Health (Public Health) PPT Using AI? Top Strategies
byPublic Health Concern Nepal
 
PDF
A Simple Guide to Real Estate Tokenization on XRP Ledger.pdf
byemmajoh2025
 
PDF
Build Next-Gen Spatial & Sensor Workflows: Secure, Scalable Processing in Sno...
bySafe Software
 
React Mastery: Visual Mental Models to Understand React Deeply
byThomas Gaye
 
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
Transcript: What Thema can do: Leveraging metadata to support the discoverabi...
byBookNet Canada
 
Taxonomy Alignment for SDG Tagging - ASHA Case Study
byEnterprise Knowledge
 
What Thema can do: Leveraging metadata to support the discoverability of Firs...
byBookNet Canada
 
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
TechSprint WinterHack — Top 10 Teams Pitching Session we are excited for pit...
bybajpaitusharoffon678
 
Bettersize | BeSEC Series Product Brochure
byBettersize Instruments
 
Adapt.com Seed Fundraising Deck | The AI Computer for Business
byashley459565
 
Certified AI-Empowered SAFe 6 Scrum Master.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
AI-Powered Alert Analysis with ClickHouse - DB Mastery Jan'26
byAlkin Tezuysal
 
Fortinet Certified Fundamentals in Cybersecurity
byVICTOR MAESTRE RAMIREZ
 
TrustArc Webinar - From Zero to Privacy Hero: Launching Your Program Right an...
byTrustArc
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
How to Design Premium Health (Public Health) PPT Using AI? Top Strategies
byPublic Health Concern Nepal
 
A Simple Guide to Real Estate Tokenization on XRP Ledger.pdf
byemmajoh2025
 
Build Next-Gen Spatial & Sensor Workflows: Secure, Scalable Processing in Sno...
bySafe Software
 

Veil-Ordnance

  • 1.
  • 2.
    Shellcode Generation Shellcodeis commonly the medium for payloads within exploits Typically, it’s generated using one of two methods msfvenom msfpayload | mefencode Unless custom written, most people rely on MSF
  • 3.
    Veil-Evasion We “outsource”our shellcode generation capabilities Reliance on outside tools can cause problems If msfvenom output changes, our parsing breaks This has happened twice Speed - MSF slow to start (even with simplified framework)
  • 4.
    What we need We need a tool that generates shellcode Output doesn’t change Allows us to easily control what we want to parse Still provide some bad character avoidance capabilities Speed is always nice too
  • 5.
  • 6.
  • 7.
    Command Line Options -p = Stager Type rev_tcp… - -ip = IP (or domain) to connect to - -port = Port to connect to or listen on -e = encoder name xor -b = bad characters - -print-stats = size, name, etc. - -list-payloads - -list-encoders
  • 8.
  • 9.
    Veil-Ordnance Info Sixdifferent payloads Tried to base off of my experience as most common (rev_tcp, bind_tcp, rev_https, rev_http, rev_tcp_dns, rev_tcp_all_ports) All payloads have been ported from the Metasploit Framework - i.e. I did not write the shellcode! Jon Yates (@redbeardsec) really helped with diving in to learn how these are generated 1 Encoder Single Byte Xor Encoder - Developed by Justin Warner (@sixdub)
  • 10.
  • 11.
    I Need Help! Encoders! Please, send me any/all python POCs! Slowly working through msf encoders Feedback, bugs, etc.!
  • 12.
    Thanks! Questions? Getin touch! @ChrisTruncer or @veilframework https://www.veil-framework.com https://www.christophertruncer.com https://github.com/Veil-Framework #Veil on Freenode Chris at veil-framework dot com