2025-09-05, Track 2
If I have to believe the internet, compiling C to shellcode requires the programmer to account for a lot of caveats: don't use normal strings; don't use the data or bss sections; declare definitions for each dynamically resolved Win32 API call. I dived a little deeper than these popular blogs and found that shellcode compiling can be way easier if you only know how to use the linker properly. In this talk we will dive into linking and linker scripting to show you how to write shellcode the easy way. In addition, I will explain how I created a framework that will allow you to compile C to shellcode without any changes to the source code.
The talk will cover the following topics:
- Linker scripting
- Removing shellcode restrictions
- Statically linking to dynamic libraries (sort of)
- Continuing execution of other shellcode
- Building a function signature library
- Building shellcode from different languages
- Caveats and (OPSEC) improvements
Jan-Jaap Korpershoek is an experienced ethical hacker working on the Adversary Simulation team of Northwave. He blends his experience in the areas of reverse engineering, red teaming and penetration testing to find new and creative ways to test infrastructure and applications. Jan-Jaap has a bachelor's degree in technical computer science and a master's degree in Cyber Security. He has a broad interest in all things related to computer science and is always up for an interesting challenge.