This fat Rodzianko has written me lots of nonsense again. I deign to even reply
In my previous post, I wrote about getting started with Covenant C2. In that post the infrastructure I setup for the C2 communications was very simple: The C2 agents connected directly to the C2 server over a private subnet. This works for a lab environment, but for a real world redteam engagement having your C2…
In my previous blog post, I created an Active Directory (AD) lab environment in AWS that I wanted to use to test/practice various redteam concepts and tools. One of the tools I was interested in testing is the new version of Covenant C2. Covenant is a command-and-control (C2) framework. What this means is if you…
I recently started the Attacking and Defending Active Directory course from Pentester Academy, and just finished up the last of the hands-on objectives. The material for the course is great for anyone looking to improve their skills for enumerating and abusing Active Directory on internal penetration tests or red team engagements. The course is designed…
After completing my SLAE x86 certification, I wanted to begin my journey into exploit development. Several years ago, I had went through the excellent exploit development tutorials provided by Corelan and FuzzySecurity. Since then, I have forgotten almost everything and wanted to start over and go through these tutorials again. In addition to Corelan and…
The tasks for the 7th assignment are: Create a custom crypter like the one shown in the “crypters” video Free to use any existing encryption schema Can use any programming language The programing language I am most comfortable with is python, so i wanted to make sure that it is possible to execute shellcode from…
The tasks for assignment 6 were: Take up 3 shellcodes from Shell-‐Storm and create polymorphic versions of them to beat pattern matching The polymorphic versions cannot be larger 150% of the existing shellcode Bonus points for making it shorter in length than original Polymorphism, for purposes of this assignment, is to change some of the…
The goals for assignment #5 were Take up at least 3 shellcode samples created using Msfpayload for linux/x86 Use GDB/Ndisasm/Libemu to dissect the functionality of the shellcode Present your analysis For this assignment, I decided to look at the shellcodes for the following metasploit payloads: linux/x86/adduser – adds a user to the system linux/x86/exec –…
The goals for Assignment #4 are: Create a custom encoding scheme like the “InsertionEncoder” we showed you PoC with using execve-stack as the shellcode to encode with your schema and execute For my custom encoder, I decided to make what would be a “ROT13” or rotate 13 encoder. A python script would take the hex…
Assignment #3 for the SLAE certification asks the student to do the following: Study about the Egg Hunter shellcode Create a working demo of the Egghunter Should be configurable for different payloads Based on what I found during my research, the basic idea behind an egg hunter is that you will have the first stage…
Assignment #2 for the SLAE certification asks the student to do the following: Create a Shell_Reverse_TCP shellcode Reverse connects to configured IP and port Execs Shell on successful connection IP and Port should be easily configurable Analysis of Metasploit Shellcode Similar to the Bind shell post, I began this assignment by using msfvenom to generate…