SLAE64 - Crypter

The seventh and final assignment of the SLAE64 exam states:

  • Create a custom crypto like the one shown in the "crypters" video
  • Free to use any existing encryption schema
  • Can use any programming language

Initially I wanted to use the Tiny Encryption Algorithm but decided against it and instead chose …




SLAE64 - Polymorphic shellcode

The sixth assignment of the SLAE64 exam states:

  • Take up to 3 shellcodes from Shell-Storm and create polymorphic versions of them to beat pattern matching
  • The polymorphic versions cannot be larger than 150% of the original shellcode
  • Bonus points for making it shorter in length than original

When researching polymorphism …




SLAE64 - Metasploit analysis

The fifth assignment of the SLAE64 exam states:

  • Take up at least 3 shellcode samples created using Msfvenom (née Msfpayload) for linux/x86_64
  • Use GDB to dissect the functionality of the shellcode
  • Document your analysis

One thing that immediately stands out is the relative lack of diversity when it comes …




SLAE64 - Custom Encoder

The fourth assignment of the SLAE64 exam states:

  • Create a custom encoding scheme like the "insertion encoder" we showed you
  • PoC with using execve-stack as the shellcode to encode with your schema and execute

For this assignment I wrote a script which supports two encoders and it can also help …




SLAE64 - Egg Hunter

The third assignment of the SLAE64 exam states:

  • Study about the Egg Hunter shellcode
  • Create a working demo of the Egg Hunter
  • It should be configurable for different payloads

I for one had not heard before of the concept of an egg hunter so a little searching around led me …




SLAE64 - Reverse TCP shellcode

The second assignment of the SLAE64 exam states:

  • Create a Shell_Reverse_TCP shellcode:
    • Reverse connects to configured IP and port
    • Needs a "passcode"
    • If passcode is correct then execute a shell
  • Remove 0x00 from the Reverse TCP shellcode discussed in the course

Reverse TCP shellcode

This is quite a lot simpler …




SLAE64 - Bind TCP shellcode

The first assignment of the SLAE64 exam states:

  • Create a Shell_Bind_TCP shellcode:
    • Binds to a port
    • Needs a "passcode"
    • If passcode is correct then execute a shell
  • Remove 0x00 from the Bind TCP shellcode discussed in the course

Shell Bind TCP shellcode

The first assignment is to create a shell …




nasm on OpenBSD

Recently I decided to study for the SLAE64 course from Pentester Academy to work on my assembly knowledge, specifically on x86_64. Though the course does focus on Linux, I want to apply the knowledge to OpenBSD/amd64 too and thus I installed NASM and looked at what I needed to …




Setting up NetBox on OpenBSD

The following documents the steps needed to set up NetBox on OpenBSD. I am running NetBox on a PC Engines APU which holds up fairly well and I have since migrated my own setup from RackTables to NetBox, primarily because of the API functionality NetBox offers which allows for integration with …




Salt managed TLS files

When managing configuration for various services, you'll (hopefully) end up having to install TLS certificates at some point. Instead of having to come up with the same logic in various modules, roles or formulas I've had an Ansible role for a while that bundled all the logic into a single …