The focus of anti-virus software on traditional executable files has made stealthy code execution trickier than ever for attackers. To dodge EDR companies’ tireless efforts to patch yesterday’s problems, the offensive side is now turning toward alternative file formats and execution paths that slip quietly under the radar.
In this talk from Sector 2025, Cedric Von Bockhaven demonstrates how you can execute code without relying on traditional executable files (e.g. PE files), by leveraging file formats and interpreters less likely to trigger security alarms. He explores some unconventional ways to execute code via commonly installed software that have unexpected code execution possibilities. Additionally, he demonstrates how to target a popular media player and installers of many popular software tools.
Through some practical demos, see how these unconventional methods allow for covert execution that bypass traditional AV detections. Why settle for songs when your media player can play your shellcode?