PErfidious: Make PE backdooring great again!
  • Track A: Friday 1500-1550

PErfidious is a Python3 tool that takes a benign PE executable and malicious shellcode, transforms the shellcode and injects the transformed shellcode directly into various parts of the executable's .text section, which avoids the need to look for code caves or to create additional sections. After injection, PErfidious recalculates the size of the .text section and all the virtual-address changes caused by that growth, and updates the corresponding fields in the PE header so that the file does not look injected.
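The abstract's point is that growing .text forces every later section's virtual address and the image size to be recomputed, and that a file "looks injected" when those fields no longer agree. The script below is an added example, not code from the PErfidious project: it parses a PE32 header with Python's struct module and reports the inconsistencies a triage script would flag (non-contiguous section virtual addresses under SectionAlignment, a SizeOfImage that does not cover the last section, an entry point outside every section). The `build_sample_pe` helper and all its offsets and sizes are constructed for this example.

```python
import struct

def _align(value, alignment):
    return (value + alignment - 1) // alignment * alignment

def parse_pe(data):  # reads only the PE32 fields the check below needs
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections, = struct.unpack_from("<H", data, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)
    opt = e_lfanew + 24                                   # optional header
    entry, = struct.unpack_from("<I", data, opt + 16)     # AddressOfEntryPoint
    sect_align, = struct.unpack_from("<I", data, opt + 32)
    size_of_image, = struct.unpack_from("<I", data, opt + 56)
    sections = []
    for i in range(num_sections):                         # section table
        name, vsize, vaddr = struct.unpack_from("<8sII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), vsize, vaddr))
    return entry, sect_align, size_of_image, sections

def find_inconsistencies(data):  # empty list means the layout is self-consistent
    entry, sect_align, size_of_image, sections = parse_pe(data)
    findings, expected_va = [], None
    for name, vsize, vaddr in sections:
        if expected_va is not None and vaddr != expected_va:
            findings.append(f"{name}: VirtualAddress {vaddr:#x}, expected {expected_va:#x}")
        expected_va = vaddr + _align(vsize, sect_align)   # next section must start here
    if size_of_image != expected_va:
        findings.append(f"SizeOfImage {size_of_image:#x}, expected {expected_va:#x}")
    if not any(va <= entry < va + vs for _, vs, va in sections):
        findings.append(f"entry point {entry:#x} lies outside every section")
    return findings

def build_sample_pe(text_vsize, data_va, size_of_image, entry=0x1010):
    # Constructed PE32 header skeleton with .text and .data; no executable code inside.
    buf = bytearray(0x200)
    struct.pack_into("<I", buf, 0x3C, 0x80)               # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", buf, 0x84, 0x14C, 2)          # Machine=i386, NumberOfSections
    struct.pack_into("<H", buf, 0x94, 224)                # SizeOfOptionalHeader
    opt = 0x98
    struct.pack_into("<H", buf, opt, 0x10B)               # Magic = PE32
    struct.pack_into("<I", buf, opt + 16, entry)
    struct.pack_into("<II", buf, opt + 32, 0x1000, 0x200) # SectionAlignment, FileAlignment
    struct.pack_into("<I", buf, opt + 56, size_of_image)
    tbl = opt + 224
    struct.pack_into("<8sII", buf, tbl, b".text", text_vsize, 0x1000)
    struct.pack_into("<8sII", buf, tbl + 40, b".data", 0x200, data_va)
    return bytes(buf)
```

A .text grown from 0x800 to 0x1200 bytes without moving .data and bumping SizeOfImage produces findings; the same growth with those fields recomputed produces none, which is exactly the state the abstract describes as not looking injected.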

Shreyans is a Cybersecurity Graduate Student at the University of Maryland and has previously worked as a Malware Research Intern at Cybrary Inc. Here he created PErfidious and researched other...