Automatically restoring EC2 instances

I recently created a pentest lab in AWS for a course I am giving. In order to keep the structure easy to store and replicate I have published the terraform files here. I should also publish the Ansible files one of these days.

Windows x86 MessageBox shellcode

In this post we will continue exploring the world of Win32 shellcode development. You can check here the first part of a series of posts in which we have developed a reverse shell shellcode from scratch.

Windows x86 Manual Shellcode - Part 3

Continuation of part 1 and part 2 of the Windows x86 Manual Shellcode.

Windows x86 Manual Shellcode - Part 2

In part 1 we started developing a shellcode from scratch until the point where we loaded WSAStartup.

Windows x86 Manual Shellcode - Part 1

In this series we are going to write a Reverse Shell shellcode for Win32 from scratch while trying to reduce its size.

From domain to shell in 48 minutes - hacking like a skiddo

During a recent pentest assessment my team and I were given the mission to look for vulnerabilities at web applications of a client domain. Although very simple and automated, we used a few tricks that made life easier and got us a shell in less than an hour.

SUB encoding

Sometimes during the exploit development you may find yourself in a situation where you need to write an address to a buffer but some of its bytes are badchars. An interesting approach is to manually encode the address using only SUB operations and a bit of arithmetics. You can find a great explanation here

Exploiting Vulnserver GTER (egghunter + pwntools)

Vulnserver is one of the best tools to practice Windows binary exploitation. It is also highly recommended as complementary training for the OSCE certification.

SLAE32 review

TL;DR: SLAE32 course is great and you should do it if you are a beginner/intermediate. A little bit outdated but still absolutely valid. A piece of art for the price charged.

Assignment 4 - Odd-Even encoder

Assignment #4

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification: Student ID: SLAE-1228