SLAE 0x7 – Custom crypter

Crypters are programs that encrypt an executable/shellcode, decrypt it at runtime and then run it. So the idea is to use a key/string to encrypt the shellcode. The encrypted shellcode will then be decrypted with the same key and then run. To understand this further we will create our custom crypter using the AES encryption …

SLAE 0x6 – Polymorphic Shellcode

Anti-Virus and IDS vendors constantly create signatures for any new type of shellcode to keep their products updated to protect against attacks. But malware developers also try to remain ahead of the game by finding new ways to evade AV/IDS. Today we will cover creating polymorphic shellcodes that are often used to defeat signature …

SLAE 0x5 – Shellcode Analysis

Today, we find shellcodes on various websites like shell-storm.org, exploit-db.com and other internet forums. Running shellcode without understanding the code could have catastrophic results. For instance, a shellcode could do an rm -rf on the file system even though the comments in the shellcode indicate otherwise. Therefore, I think it's important we learn what's going …

SLAE 0x4 – Custom Encoder

Encoding is the process of converting data from one form to another. Encoding is very different from encryption. Encoding converts data using an algorithm that can be easily reversed. The purpose of encoding is simply to transform data into another form which can be consumed by another system. On the other hand, encryption is used to …

SLAE 0x3 – Egghunter Shellcode

Egghunter is shellcode that searches for an 8-byte egg that we deliberately place in memory. Once found, this egg points to a much larger space in memory where our shellcode can run. Egghunter can be very useful in a buffer overflow situation where we control the flow of the program and cannot execute our …

SLAE 0x2 – Shell_Reverse_Tcp

In the last post, we looked at writing the shell_bind_tcp assembly program. In this post, we will write a reverse shell in assembly. Unlike bind TCP, where the port is opened on the target system, here we have a port listening on our attacker machine and the victim connects to our open port and sends us …

SLAE 0x1 – Shell_Bind_Tcp shellcode

What's a bind shell? Bind TCP opens up a port on the victim’s system. When we connect to that port we get shell access to the victim’s system. Hence the term bind shell. Today we write a bind shell in assembly and generate the shellcode that will give us a bind shell. Before that let's look …