I recently enrolled for the Certified Cloud Security Professional certification by (ISC)2. One of the books recommended to me for preparing for this certification was CCSP for Dummies by Arthur J. Deane. It was published in November 2020 by For Dummies publication (a brand of John Wiley & Sons, Inc). I will not go into […]
Web App Pentesting using BodgeIt Store (Part 1)
This video shows how to set up the lab environment for this YCSC Let’s Learn series. It covers installing Docker on Kali Linux 2019.4, pulling and running the BodgeIt Store docker image from Docker Hub. A virtual image of Kali Linux could be downloaded from https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/ What is BodgeIt Store? A vulnerable web application aimed at […]
SLAE: Assignment #5.3
Assignment Task: Take up at least 3 shellcode samples created using msfvenom for linux/x86 Use GDB/Ndisasm/Libemu to dissect the functionality of the shellcode Present your analysis Shellcode chosen: Shellcode options: Command to generate shellcode: Generated shellcode: Contents of file /etc/issue: Testing shellcode with run_shellcode.c Let’s analyze the shellcode with gdb: Placed a breakpoint at code […]
SLAE: Assignment #5.2
Assignment Task: Take up at least 3 shellcode samples created using msfvenom for linux/x86 Use GDB/Ndisasm/Libemu to dissect the functionality of the shellcode Present your analysis Shellcode chosen: Shellcode options: Command to generate shellcode: Generated shellcode: /etc/passwd file before executing the shellcode: Testing shellcode with run_shellcode.c Let’s analyze the shellcode with gdb: Placed a breakpoint […]
SLAE: Assignment #5.1
Assignment Task: Take up at least 3 shellcode samples created using msfvenom for linux/x86 Use GDB/Ndisasm/Libemu to dissect the functionality of the shellcode Present your analysis Shellcode chosen: Shellcode options: Command to generate shellcode: Generated shellcode: File permission before exectuing the shellcode: Testing shellcode with run_shellcode.c Chmod system call details: The chmod system call takes […]
SLAE: Assignment #4
Assignment Task: Create a custom encoding scheme, similar to “Insertion Encoder” PoC with using execve-stack as the shellcode to encode with schema and execute The encoding scheme chosen for this assigmnet is AddWelve encoding scheme. It is a variant of caesar cipher in which the byte is shifted forward 12 bytes. The algorithm is as […]
SLAE: Assignment #3
Assignment Task: Study about the Egg Hunter shellcode Create a working demo of the Egghunter Should be configurable for different payloads About Egg Hunters Egg Hunter is a mechanism to locate a piece of code in an application’s Virtual Address Space (VAS). This technique is primarily used in exploits where the accessible buffer space is […]
SLAE: Assignment #6
Assignment Task: Take up 3 shellcodes from Shell-Storm and create polymorphic versions of them to beat pattern matching The polymorphic versions cannot be larger 150% of the existing shellcode Shellcode 1: shutdown -h now Shell-Storm Link: http://shell-storm.org/shellcode/files/shellcode-876.php The original shellcode was 56 bytes in size. Link to original code: https://github.com/yaksas443/SLAE/blob/master/Assignment%206/6-1/shellcode-6-1-orig.nasm https://github.com/yaksas443/SLAE/blob/master/Assignment%206/6-1/run-shellcode-6-1-orig.c Techniques used to modify […]
SLAE: Assignment #2
Assignment Task: Create a Shell_Reverse_TCP shellcode Reverse connects to configured IP and Port Execs shell on successful connection IP and Port should be easily configurable The TCP reverse shell is used to connect back to the attacking machine, with an interface to execute commands on the target machine. The TCP reverse shell code consists of […]
SLAE: Assignment #1
Assignment Task: Create a Shell_Bind_TCP shellcode Binds to a port Execs shell on incoming connection Port number should be easily configurable The TCP bind shell is used to setup a listener (or server) on the target machine which allows the attacker machine to execute commands on the said machine. The TCP bind shell code consists […]