Category Archives: windows

Shellcode: A Tweetable Reverse Shell for x86 Windows

Introduction. Since Twitter raised its limit to 280 characters, many users have been embedding all kinds of code into a single message. This will be a quick post showing a tweetable reverse shell for x86 Windows. You’ll have to forgive …

Posted in assembly, programming, security, shellcode, windows

Polymorphic Mutex Names

Introduction. Perhaps there was never any legitimate reason to use polymorphic mutex names, so it’s understandable that many developers never provided a solution. It could be argued that polymorphic mutexes serve only as a way for malicious applications to evade detection. On …

Posted in cryptography, programming, windows

Shellcode: Windows API hashing with block ciphers ( Maru Hash )

Introduction. String and pattern matching are by far the most popular and easiest ways to detect shellcode. The principle is simple: every piece of code has unique characteristics that can be used as a signature to identify it in memory. Even shellcode with no …

Posted in assembly, programming, shellcode, windows
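The excerpt above motivates API hashing: a payload that carries plaintext strings such as "GetProcAddress" hands a signature to any scanner, whereas a payload that carries only hash constants and compares them against export names at run time does not. The following is an added example written for this archive page, not the post's own Maru implementation. It shows the general construction the post title refers to, a Davies-Meyer hash built on a block cipher, using Speck64/128 (rotations 8 and 3, 27 rounds) as the cipher, a constructed IV, and a constructed stand-in for a DLL export name table. The 16-byte, zero-padded chunk of the API name is used as the cipher key and the 64-bit chaining value as the plaintext; Maru's exact parameters, IV and padding may differ and are not claimed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <inttypes.h>

#define ROR32(x, r) (((x) >> (r)) | ((x) << (32 - (r))))
#define ROL32(x, r) (((x) << (r)) | ((x) >> (32 - (r))))

/* Speck64/128: 64-bit block, 128-bit key, 27 rounds, alpha=8, beta=3.
 * Key schedule is interleaved with the rounds to keep the code small. */
static void speck64_128_encrypt(const uint32_t key[4], uint32_t blk[2])
{
    uint32_t y = blk[0], x = blk[1];
    uint32_t k = key[0], l[3] = { key[1], key[2], key[3] };

    for (uint32_t i = 0; i < 27; i++) {
        x = (ROR32(x, 8) + y) ^ k;          /* round function */
        y = ROL32(y, 3) ^ x;
        uint32_t t = (k + ROR32(l[i % 3], 8)) ^ i;   /* next round key */
        k = ROL32(k, 3) ^ t;
        l[i % 3] = t;
    }
    blk[0] = y;
    blk[1] = x;
}

/* Davies-Meyer over Speck64/128: H_i = E_{M_i}(H_{i-1}) ^ H_{i-1}, where each
 * 16-byte chunk of the API name is the cipher key.  The IV is a constructed
 * constant chosen for this example.  Zero padding means a name ending in NUL
 * bytes would collide with its shorter form, which cannot happen for export
 * names, so exact-match lookup below is sound. */
uint64_t dm_speck_hash(const char *name)
{
    uint32_t h[2] = { 0x6a09e667u, 0xbb67ae85u };   /* constructed IV */
    size_t len = strlen(name), off = 0;

    do {
        uint8_t chunk[16] = { 0 };
        size_t take = len - off < 16 ? len - off : 16;
        memcpy(chunk, name + off, take);

        uint32_t key[4];
        for (int i = 0; i < 4; i++)                 /* little-endian key words */
            key[i] = (uint32_t)chunk[4 * i]
                   | (uint32_t)chunk[4 * i + 1] << 8
                   | (uint32_t)chunk[4 * i + 2] << 16
                   | (uint32_t)chunk[4 * i + 3] << 24;

        uint32_t blk[2] = { h[0], h[1] };
        speck64_128_encrypt(key, blk);
        h[0] ^= blk[0];
        h[1] ^= blk[1];
        off += 16;
    } while (off < len);

    return (uint64_t)h[1] << 32 | h[0];
}

/* Constructed stand-in for the names in a PE export directory. */
static const char *const sample_exports[] = {
    "CloseHandle", "CreateFileA", "GetProcAddress", "LoadLibraryA", "VirtualAlloc"
};

/* Resolve an export by hash, as a payload would: the payload embeds only the
 * 64-bit constant and never the API name.  Returns the index or -1. */
int find_export_by_hash(uint64_t want)
{
    size_t count = sizeof sample_exports / sizeof *sample_exports;
    for (size_t i = 0; i < count; i++)
        if (dm_speck_hash(sample_exports[i]) == want)
            return (int)i;
    return -1;
}

int main(void)
{
    uint64_t h = dm_speck_hash("GetProcAddress");   /* computed at build time in practice */
    printf("hash(GetProcAddress) = %016" PRIx64 " -> export index %d\n",
           h, find_export_by_hash(h));
    return 0;
}
```

In a real payload the hash constants are computed offline and baked in, while `find_export_by_hash` walks the export name table of the loaded module at run time; the strings that a signature would key on never appear in the shellcode.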

Shellcode: The hunt for GetProcAddress

Introduction. As Alex Ionescu recently revealed, future releases of Windows will include the Enhanced Mitigation Experience Toolkit (EMET) built into the kernel. As more mitigation features appear in MSVC and in the Windows operating system, the difficulty of locating APIs to exploit …

Posted in assembly, programming, security, shellcode, windows

WanaCryptor File Encryption and Decryption

Introduction. This is a quick post about the WanaCryptor ransomware wreaking havoc on networks across the world this weekend. With all the news coverage, most of you already know the trouble it has caused. Once executed on a system, …

Posted in cryptography, encryption, malware, public key exchange, security, windows

Shellcode: Fido and how it resolves GetProcAddress and LoadLibraryA

Introduction. Fido, a tool to modify existing Metasploit payloads for Windows, was recently published by Joshua Pitts, the author of Backdoor Factory. Fido strips the assembly code responsible for resolving API addresses via the export directory and replaces …

Posted in assembly, programming, security, shellcode, windows

Shellcode: Dual mode PIC for x86 (Reverse and Bind Shells for Windows)

Introduction. In a nutshell, we’re mixing 32- and 64-bit x86 opcodes so that, regardless of the operating system mode (legacy or long), our Position Independent Code (PIC) still executes successfully. Although some of the code requires conditional jumps, we …
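The trick the paragraph describes rests on byte sequences that decode differently in the two modes. The classic one is 0x48: in legacy mode it is `dec eax`, in long mode it is a REX.W prefix that is simply ignored in front of a conditional jump. The following is an added example for this archive page, not code from the post. It embeds a constructed 17-byte stub that returns 32 or 64 depending on the mode it runs in, and a small two-mode decoder that walks the same bytes under each set of rules so the divergent paths can be inspected without executing the stub. The decoder models only the opcodes the stub uses.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 17-byte stub.  The bytes are identical in both modes; only
 * their decoding differs, which is what makes the code "dual mode". */
static const uint8_t dual_stub[] = {
    0x31, 0xC0,                    /* xor eax, eax   : both modes, SF=0           */
    0x48,                          /* 32-bit: dec eax -> eax = -1, SF=1           */
                                   /* 64-bit: REX.W prefix for the next opcode    */
    0x78, 0x06,                    /* js +6 : 32-bit taken; 64-bit the REX is     */
                                   /*         ignored on Jcc, SF=0, not taken     */
    0xB8, 0x40, 0x00, 0x00, 0x00,  /* 64-bit path: mov eax, 64                    */
    0xC3,                          /*              ret                            */
    0xB8, 0x20, 0x00, 0x00, 0x00,  /* 32-bit path: mov eax, 32                    */
    0xC3                           /*              ret                            */
};

/* Decode and execute dual_stub under the rules of `mode` (32 or 64) and
 * return the value in eax at the first RET.  Only the opcodes the stub
 * uses are modelled; anything else, or running off the end, returns -1. */
int run_dual_stub(int mode)
{
    uint32_t eax = 0;
    int sf = 0;                       /* sign flag, the only flag the stub tests */
    size_t ip = 0, n = sizeof dual_stub;

    while (ip < n) {
        uint8_t op = dual_stub[ip];

        if (op == 0x31 && ip + 1 < n && dual_stub[ip + 1] == 0xC0) {
            eax = 0; sf = 0; ip += 2;                  /* xor eax, eax */
        } else if (op == 0x48) {
            if (mode == 64) {
                ip += 1;                               /* REX.W: prefix only, changes no state */
            } else {
                eax -= 1;                              /* dec eax */
                sf = (eax >> 31) & 1;
                ip += 1;
            }
        } else if (op == 0x78 && ip + 1 < n) {         /* js rel8 */
            int8_t rel = (int8_t)dual_stub[ip + 1];
            ip += 2;
            if (sf)
                ip = (size_t)((long)ip + rel);
        } else if (op == 0xB8 && ip + 4 < n) {         /* mov eax, imm32 (little-endian) */
            eax = (uint32_t)dual_stub[ip + 1]
                | (uint32_t)dual_stub[ip + 2] << 8
                | (uint32_t)dual_stub[ip + 3] << 16
                | (uint32_t)dual_stub[ip + 4] << 24;
            ip += 5;
        } else if (op == 0xC3) {                       /* ret */
            return (int)eax;
        } else {
            return -1;                                 /* outside the modelled subset */
        }
    }
    return -1;
}

int main(void)
{
    printf("legacy (32-bit) decode reaches path returning %d\n", run_dual_stub(32));
    printf("long   (64-bit) decode reaches path returning %d\n", run_dual_stub(64));
    return 0;
}
```

Two things a practitioner has to get right when extending a stub like this: the jump displacement must be correct for the instruction lengths as decoded in each mode, and the byte after 0x48 must be one whose meaning REX.W does not change (a `mov eax, imm32` directly after it would become a `mov rax, imm64` in long mode and swallow the following bytes). To confirm on real hardware, copy the bytes into executable memory (VirtualAlloc on Windows, mmap elsewhere) and call them as a function returning int; a 64-bit process gets 64, a 32-bit process gets 32.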

Posted in assembly, programming, security, shellcode, windows