Automatically restoring EC2 instances

I recently created a pentest lab in AWS for a course I am giving. In order to keep the structure easy to store and replicate, I have published the Terraform files here. I should also publish the Ansible files one of these days.

Windows x86 MessageBox shellcode

In this post we will continue exploring the world of Win32 shellcode development. You can check here the first part of the series of posts in which we developed a reverse shell shellcode from scratch.

Windows x86 Manual Shellcode - Part 3

Continuation of part 1 and part 2 of the Windows x86 Manual Shellcode.

Windows x86 Manual Shellcode - Part 2

In part 1 we started developing a shellcode from scratch, up to the point where we loaded WSAStartup.

Windows x86 Manual Shellcode - Part 1

In this series we are going to write a reverse shell shellcode for Win32 from scratch while trying to reduce its size.

From domain to shell in 48 minutes - hacking like a skiddo

During a recent pentest assessment my team and I were given the mission to look for vulnerabilities in the web applications of a client's domain. Although very simple and automated, we used a few tricks that made life easier and got us a shell in less than an hour.

SUB encoding

Sometimes during exploit development you may find yourself in a situation where you need to write an address into a buffer, but some of its bytes are badchars. An interesting approach is to zero EAX, then manually encode the address as a chain of SUB EAX, imm32 instructions whose immediates contain only allowed bytes, and finally PUSH EAX to write the decoded value. The encoding is just a bit of two's complement arithmetic done byte by byte with carry. You can find a great explanation here.
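The following is an added example (not code from the original post) that automates the technique described above: it searches, byte by byte with carry, for three badchar-free dwords whose sum is the two's complement of the target, emits the classic AND/AND/SUB/SUB/SUB/PUSH stub, and emulates the stub to prove it pushes the intended dword. The badchar set (NUL, LF, CR, space) and the target address 0x0D0A2000 are constructed for the demo; opcodes 25 (AND EAX, imm32), 2D (SUB EAX, imm32) and 50 (PUSH EAX) are the real x86 encodings.

```python
"""SUB encoding for x86: load an arbitrary dword into EAX using only
immediates built from allowed (non-badchar) bytes, then PUSH it.

Added example, not code from the original post. It assumes the usual stub:
    AND EAX, m1 ; AND EAX, m2          ; m1 & m2 == 0  -> EAX = 0
    SUB EAX, v1 ; SUB EAX, v2 ; SUB EAX, v3
    PUSH EAX                           ; write the decoded dword to the stack
Opcodes used: 25 imm32 (AND EAX), 2D imm32 (SUB EAX), 50 (PUSH EAX).
"""
import itertools
import struct

MASK32 = 0xFFFFFFFF

# Constructed badchar list for the demo: NUL, LF, CR, space.
BADCHARS = {0x00, 0x0A, 0x0D, 0x20}
ALLOWED = [b for b in range(256) if b not in BADCHARS]


def find_zeroing_masks(allowed):
    """Two dwords of allowed bytes with m1 & m2 == 0, so AND;AND clears EAX."""
    for a in allowed:
        for b in allowed:
            if a & b == 0:
                # Repeating the same byte pair in all four positions is enough.
                m1 = int.from_bytes(bytes([a]) * 4, "little")
                m2 = int.from_bytes(bytes([b]) * 4, "little")
                return m1, m2
    raise ValueError("allowed set has no byte pair with a & b == 0")


def sub_encode(target, allowed, n_subs=3):
    """Return n_subs dwords v_k (all bytes allowed) such that
    (0 - v1 - ... - vn) mod 2^32 == target, i.e. sum(v_k) == -target mod 2^32.
    Works from the low byte upward, propagating the carry between bytes."""
    allowed_set = set(allowed)
    wanted = (-target) & MASK32          # two's complement of the target
    cols = [[] for _ in range(n_subs)]   # cols[k] collects the bytes of v_k
    carry = 0
    for i in range(4):
        want = (wanted >> (8 * i)) & 0xFF
        for combo in itertools.product(allowed, repeat=n_subs - 1):
            # Pick n-1 bytes freely; the last one is forced by the remainder.
            last = (want - carry - sum(combo)) & 0xFF
            if last in allowed_set:
                chosen = combo + (last,)
                break
        else:
            raise ValueError(f"byte {i}: no {n_subs}-byte combination in allowed set")
        for col, b in zip(cols, chosen):
            col.append(b)
        carry = (sum(chosen) + carry) >> 8
    return [int.from_bytes(bytes(col), "little") for col in cols]


def build_stub(target, allowed=ALLOWED):
    """Assemble the AND/AND/SUB.../PUSH stub that leaves `target` on the stack."""
    m1, m2 = find_zeroing_masks(allowed)
    code = b"\x25" + struct.pack("<I", m1) + b"\x25" + struct.pack("<I", m2)
    for v in sub_encode(target, allowed):
        code += b"\x2D" + struct.pack("<I", v)
    return code + b"\x50"


def emulate_stub(code, eax=0xDEADBEEF):
    """Minimal interpreter for the three opcodes the stub uses.
    Starts from garbage in EAX to show the AND pair really zeroes it.
    Returns the dword PUSHed."""
    i = 0
    while i < len(code):
        op = code[i]
        if op == 0x25:    # AND EAX, imm32
            eax &= struct.unpack_from("<I", code, i + 1)[0]
            i += 5
        elif op == 0x2D:  # SUB EAX, imm32
            eax = (eax - struct.unpack_from("<I", code, i + 1)[0]) & MASK32
            i += 5
        elif op == 0x50:  # PUSH EAX
            return eax
        else:
            raise ValueError(f"unexpected opcode {op:#x}")
    raise ValueError("stub never pushed")


def has_badchars(code, bad=BADCHARS):
    """True if any byte of the assembled stub is a badchar."""
    return any(b in bad for b in code)


if __name__ == "__main__":
    # Every byte of this constructed target address is itself a badchar.
    target = 0x0D0A2000
    stub = build_stub(target)
    print(stub.hex())
    print(f"pushes {emulate_stub(stub):#010x}, badchars present: {has_badchars(stub)}")
```

The opcode bytes 0x25, 0x2D and 0x50 must themselves be allowed, which is the case for most badchar lists and for printable/alphanumeric constraints. With a very narrow allowed set (pure alphanumeric) three SUBs cannot reach every byte value, so raise n_subs to 4; the search is otherwise unchanged.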

Exploiting Vulnserver GTER (egghunter + pwntools)

Vulnserver is one of the best tools to practice Windows binary exploitation. It is also highly recommended as complementary training for the OSCE certification.

SLAE32 review

TL;DR: SLAE32 course is great and you should do it if you are a beginner/intermediate. A little bit outdated but still absolutely valid. A piece of art for the price charged.

Assignment 4 - Odd-Even encoder

Assignment #4

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification: http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/ Student ID: SLAE-1228