badbit

Flare-On 7 | Challenge 2

Posted on November 3, 2020 (updated December 1, 2020) by badbit

In this challenge, we are presented with an executable file, unlike the first challenge where we also had access to the source code. Just like any other programming / reversing challenge, this one could possibly have been solved in two ways (I could think of two, there may be more). Following is my write-up for…

Flare-On 7 | Challenge 1

Posted on November 1, 2020 (updated November 30, 2020) by badbit

This is my first entry for the Flare-On challenge. For those who don’t know, Flare-On is a yearly binary-based challenge series which is heavily focused on reverse engineering. It usually comprises ~15 challenges with increasing difficulty level. This year, the event had 11 challenges. Due to the nicheness and the difficulty level of…

The Go-Giver – Bob Burg & John Mann

Posted on October 14, 2020 by badbit

As opposed to Go-Getters, people with a Go-Giver mindset think about giving to others over getting everything for themselves. Go-Givers are the ones who always come to the service of others and constantly keep on adding value in the lives of people around them. This little gem of a book talks of five very strong laws by…

Wise and Otherwise – Sudha Murty

Posted on September 20, 2020 (updated September 27, 2020) by badbit

Wise and Otherwise is a beautiful compilation of bittersweet anecdotes from the author’s own life. This compilation of short stories is authored by Sudha Murty who is a teacher, author and a social worker by profession. Chairperson of Infosys Foundation and Padma Shri, Sudha Murty has made significant contributions in the development of rural parts…

Custom Crypter

Posted on August 28, 2020 (updated September 2, 2020) by badbit

Crypters are programs which take the payload as input and encrypt it with a strong cryptographic algorithm in order to avoid detection and make analysis a bit difficult. When delivering the encrypted payload to the target host, the payload is run through a decryption stub which decrypts the payload and executes the decrypted shellcode in…

Polymorphic Shellcode

Posted on August 28, 2020 (updated September 2, 2020) by badbit

Polymorphism in the context of shellcoding can be defined as altering the appearance of the code while keeping the core functionality intact. Polymorphic shellcodes are created to beat signature-based detection mechanisms, which is how antivirus products attempt to detect malicious files on systems. In this blog post, we will take three Linux/x86 shellcodes from shell-storm and make…

Analyzing Shellcodes

Posted on August 28, 2020 (updated September 2, 2020) by badbit

In this blog post, we will analyze shellcodes created from msfvenom. We will focus on Linux – x86 as the target OS and architecture. Let’s begin by listing all the available shellcodes for Linux x86 architecture. Shellcodes to be analyzed: # Name Description 1 Linux/x86/exec Execute an arbitrary command 2 linux/x86/adduser Create a new user with…


Custom encoder

Posted on August 28, 2020 (updated October 28, 2020) by badbit

In this blog post we will meet what we call a malware’s best friend – Obfuscation. We will create a custom encoder which will obfuscate our actual payload and de-obfuscate it only during runtime. Obfuscation (in the context of software) is a technique that makes binary and textual data unreadable and/or hard to understand. –…

Egghunters

Posted on August 26, 2020 (updated September 2, 2020) by badbit

To define in a single line, egg hunting is the process of searching a process’s Address Space in a reliable manner for a given key (egg). Egg-hunt (Wikipedia) This is another form of staged shellcode, which is used if an attacker can inject a larger shellcode into the process but cannot determine where in the process it…

Writing a Reverse Shell in x86 Assembly Language

Posted on August 24, 2020 (updated September 2, 2020) by badbit

A reverse shell is a connection established from the victim’s system to the attacker-controlled system over a specific port. The major difference between a bind shell and a reverse shell lies in the direction of the connection. In this blog post, we will create a reverse shell leveraging the ASM code from the previous post…
