The focus of this post is to analyze a simple injection technique commonly known as *CreateRemoteThread Shellcode Injection*, which is fairly easy to implement and, unfortunately, to detect.
Compared to Unix systems, writing shellcode for Windows is considerably harder because of the lack of documentation and open-source code. In this post, I show how to write a simple reboot shellcode.
As in the SLAE32 exam, the seventh assignment requires implementing a decryption scheme of your choosing, but this time it must be written in 64-bit assembly rather than 32-bit.
The second shellcode I'll be analyzing for this assignment is "linux/x64/pingback_reverse_tcp" from the Metasploit framework. It connects to a specific TCP listener and then sends a GUID hard-coded inside the shellcode.
The fifth assignment for the SLAE64 exam consists of choosing three or more shellcodes and analyzing them in detail. The first one is taken from the Metasploit framework and is named "linux/x64/meterpreter/reverse_tcp"; it creates a TCP reverse shell, but instead of spawning a simple /bin/sh shell it establishes a Meterpreter session, which is closer to a Command and Control beacon.
The fourth assignment of the SLAE64 exam is to implement a custom encoding scheme, use it to encode a shellcode, and also run the encoded shellcode without crashing, I guess...