A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Process Ventriloquism - Spencer McIntyre Bsides Cleveland 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Process Ventriloquism
Spencer McIntyre

This talk will present and outline various techniques for the manipulation of processes at runtime in the Windows environment. Attendees will leave with a better understanding of how the Windows API functions are leveraged by attackers to extract the contents of memory, inject shellcode into other processes and how functions can be hooked and rerouted to execute malicious code. The different techniques used to manipulate processes will be discussed with provided examples. Penetration testers and defensive security people alike will benefit from learning just how tools such as meterpreter are able to inject themselves into and manipulate processes.

As a member of the Research and Development team at SecureState, Spencer McIntyre works to discover vulnerabilities within organizations systems and understand the underlying risks. Mr. McIntyre balances his focus between vulnerability and in-house tool development. During his time with SecureState, Mr. McIntyre has worked with a variety of clients across multiple industries, giving him experience in how each secures their data and the threats that they encounter. Mr. McIntyre uses his background in software development to help him to understand and exploit the underlying logic in the software he encounters. He is active in the open source community, making multiple contributions to a variety of projects such as the Metasploit Framework.

Back to Bsides Cleveland 2016 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast