Tag Archives: shellcode

Shellcode: The hunt for GetProcAddress

Introduction Recently revealed by Alex Ionescu, future releases of Windows will include Enhanced Mitigation Experience Toolkit (EMET) built into the kernel. As more mitigation features appear in MSVC and the Windows operating system, the difficulty of locating API to exploit … Continue reading

Posted in assembly, programming, security, shellcode, windows | Tagged , , , , , | 3 Comments

Shellcode: x86 optimizations part 1

Introduction What follows are a number of basic ways to compact shellcodes. In a follow up post, I’ll discuss a few ways to obfuscate them which might be useful for evading signature detection algorithms. Some of the examples illustrated here … Continue reading

Posted in assembly, programming, shellcode | Tagged , , , , | Leave a comment

Shellcode: Dual Mode (x86 + x86-64) Linux shellcode

Introduction Someone asked me recently what do you mean by “dual mode shellcode”? and it seems the wording is slightly ambiguous to those unfamiliar with the different operating modes of a CPU like x86 so I just wanted to clarify … Continue reading

Posted in assembly, linux, programming, security, shellcode | Tagged , , , , , | Leave a comment

Shellcode: Fido and how it resolves GetProcAddress and LoadLibraryA

Introduction A tool to modify existing metasploit payloads for windows called Fido was recently published by Joshua Pitts, the author of Backdoor Factory. Fido will strip this assembly code responsible for resolving API addresses in the export directory and replace … Continue reading

Posted in assembly, programming, security, shellcode, windows | Tagged , , , , , , , , | Leave a comment

Shellcode: Dual mode PIC for x86 (Reverse and Bind Shells for Windows)

Introduction In a nutshell, we’re mixing 32 and 64-bit x86 opcodes so that regardless of the operating system mode (legacy or long), our Position Independent Code (PIC) will still execute successfully. Although some of the code requires conditional jumps, we … Continue reading

Posted in assembly, programming, security, shellcode, windows | Tagged , , , , , | 1 Comment

Shellcode: Solaris x86

Introduction I wasn’t going to discuss these but they might be useful as a reference for anyone attempting to write shellcodes for Solaris on x86. Existing x86 codes I found online are outdated and don’t work anymore so these were … Continue reading

Posted in assembly, security, shellcode | Tagged , , , | Leave a comment

Shellcode: Mac OSX x86-64

Introduction Since Mac OSX is derived from BSD sources, I wrongly presumed the BSD codes would work without problem. 0x4d_ having a Mac was able to confirm they did not work and so we realized quickly the solution was simply … Continue reading

Posted in assembly, osx, security, shellcode | Tagged , , , | Leave a comment