ASX to MP3 Converter SEH Exploit

After completing my SLAE x86 certification, I wanted to begin my journey into exploit development. Several years ago, I had gone through the excellent exploit development tutorials provided by Corelan and FuzzySecurity. Since then, I have forgotten almost everything and wanted to start over and go through these tutorials again. In addition to Corelan and…

SLAE Assignment #6 – Polymorphic Shellcode

The tasks for assignment 6 were: take up 3 shellcodes from Shell-Storm and create polymorphic versions of them to beat pattern matching; the polymorphic versions cannot be larger than 150% of the existing shellcode; bonus points for making it shorter in length than original. Polymorphism, for purposes of this assignment, is to change some of the…

SLAE Assignment #5 – Metasploit Payload Analysis

The goals for assignment #5 were: take up at least 3 shellcode samples created using Msfpayload for linux/x86; use GDB/Ndisasm/Libemu to dissect the functionality of the shellcode; present your analysis. For this assignment, I decided to look at the shellcodes for the following Metasploit payloads: linux/x86/adduser – adds a user to the system; linux/x86/exec –…

SLAE Assignment #2 – Reverse TCP Shell

Assignment #2 for the SLAE certification asks the student to do the following: create a Shell_Reverse_TCP shellcode; reverse connects to configured IP and port; execs shell on successful connection; IP and port should be easily configurable. Analysis of Metasploit Shellcode: Similar to the Bind shell post, I began this assignment by using msfvenom to generate…