Category: SLAE x86

Crypters are programs which take the payload as input and encrypt it with a strong cryptographic algorithm in order to avoid detection and make analysis a bit difficult. When delivering the encrypted payload to the target host, the payload is run through a decryption stub which decrypts the payload and executes the decrypted shellcode in…

Polymorphism in the context of Shellcoding can be defined as altering the appearance of the code keeping the core functionality intact. Polymorphic shellcodes are created to beat signature based detection mechanisms which is how Antiviruses attempt to detect malicious files on systems. In this blogpost, we will take three Linux/x86 shellcodes from shell-storm and make…

In this blog post, we will analyze shellcodes created from msfvenom. We will focus on Linux – x86 as the target OS and architecture.Let’s begin by listing all the available shellcodes for Linux x86 architecture. Shellcodes to be analyzed: # Name Description 1 Linux/x86/exec Execute an arbitrary command 2 linux/x86/adduser Create a new user with…

To define in a single line, egg hunting is the process of searching a process’s Address Space in a reliable manner for a given key (egg). Egg-hunt (Wikipedia) This is another form of staged shellcode, which is used if an attacker can inject a larger shellcode into the process but cannot determine where in the process it…

A reverse shell is a connection established from the victim’s system to the attacker controlled system over a specific port. The major difference between a bind shell and a reverse shell lies in the flow of connection. In this blog post, we will create a reverse shell leveraging the ASM code from the previous post….

A bind shell can be simply defined as a connection established from the attacker’s machine to the victim’s machine which presents the attacker with a comamnd line shell access of the victim’s machine.In this blog post, we will go through the process of the components involved in a bind shell and create our own. In…