Crypters are programs that encrypt an executable/shellcode, decrypt it at runtime and then run them. So the idea is to use a key/string to encrypt the shellcode. The encrypted shellcode will then be decrypted with the same key and then run. To understand this further we will create our custom crypter using the AES encryption [...]
SLAE 0x6 – Polymorphic Shellcode
Anti-Virus and IDS vendors constantly create signatures for any new type of shellcode to keep their products updated to protect against attacks. But malware developers also try and remain ahead of the game by finding new ways to evade AV/IDS . Today we will cover creating Polymorphic shellcodes that are often used to defeat signature [...]
SLAE 0x5 – Shellcode Analysis
Today, we find shellcodes on various websites like shell-storm.org, exploit-db.com and other internet forums. Running shellcode without understanding the code could have catastrophic results . For instance, a shellcode could do an rm -rf on the file system even though the comments in the shellcode indicate otherwise. Therefore, I think its important we learn whats going [...]
SLAE 0x4 – Custom Encoder
Encoding is the process of converting data from one form to another. Encoding is very different from Encryption. Encoding converts data using an algorithm that can be easily reversed. The purpose of encoding is simply to transform data into another form which can be consumed by another system. On the other hand, Encryption is used to [...]
SLAE 0x3 – Egghunter Shellcode
Egghunter is shellcode that searches for an 8-byte egg that we delibrately place in memory. Once found, this egg points to a much larger space in memory where are shellcode can run. Egghunter can can be very useful in a buffer overflow situation where we control the flow of the program and cannot execute our [...]
SLAE 0x2 – Shell_Reverse_Tcp
In the last post, we looked at writing the shell_bind_tcp assembly program. In this post, we will write reverse shell in assembly. Unlike bind tcp where the port is opened on the target system. Here we have a port listening on our attacker machine and the victim connects to our open port and sends us [...]
SLAE 0x1 – Shell_Bind_Tcp shellcode
Whats a bind shell? Bind tcp opens up a port on the victim's system. When we connect to that port we get shell access to the victim's system. Hence the term bind shell. Today we write a bindshell in assembly and generate the shellcode that will give us a bind shell. Before that lets look [...]
Your Hashes are mine!!
Recently I've been reading up on so many blog posts from red teamers/researchers over the year that I've decide to make my own lab environment to test some of the fun stuff. The aim of this blog series is to consolidate some of tools and techniques (none of my own) tested in a lab environment [...]
Yet another OSCP review
I know there are tons of OSCP reviews out there, but I am pretty sure that any student/professional looking to take the Penetration Testing with Kali (PWK) course and the challenge exam i.e. the Offensive Security Certified Professional (OSCP) would like to read new experiences. So here I am, writing my first blog on Offensive Security's PWK [...]
