The Hidden ART Of Rolling Shellcode Decryption - Tijme Gommers
Nullcon Goa 2025 · Main Stage
This talk, "The Hidden ART Of Rolling Shellcode Decryption," presented by Tijme Gommers, delves into advanced techniques for loading shellcode into memory while actively evading detection by modern security solutions. Primarily aimed at **offensive security engineers** or **red teamers** who routinely deploy shellcode, the research explores novel methods to keep malicious payloads hidden. However, it also provides crucial insights for **defensive security engineers** and **SOC analysts** seeking to understand and detect sophisticated shellcode loading techniques that may emerge in future threats.
AI review
Gommers presents original, working research on instruction-granular shellcode decryption via hardware breakpoints and VEH — a meaningful evolution past sleep masks with a functional PoC that bypasses MDE on demo day. The engineering decisions are explained at the right level of abstraction, and the performance comparison against VoidGate's trap-flag approach (13M vs 2K breakpoints) gives the novelty claim real teeth.