Interesting payload protected with #Espio #redteam (asas.exe)
#shellcode extracted:
#97319fc83dfed8015ded37bc8069dfe8
Elevator.exe is a UAC bypass tool written in rust.
shellcode: https://pastebin.com/AvbeENgM
and Espio decryption utility:
https://gist.github.com/luca-m/212395d4fa721826106343416b0edd64
H/T:
@r3dbU7z -> https://twitter.com/r3dbU7z/status/1627205584108896256
#espio #redteam #shellcode #97319fc83dfed8015ded37bc8069dfe8
You send a string of 9000 A's and see the telltale 1010 pattern in the memory dump after the program crashes. You frantically check the #debugger, but the memory address for the #overflow seems random every time. But wait, if you add 1C to EAX, you get the start of where memory was overwritten every time. Just to be safe you put in a couple 0x90s to get a nice #nop sled into your #shellcode. You lower your hoodie and run your hand through your hair. Damn you're good.
#debugger #overflow #nop #shellcode #hacker #synthesizer #music
What is everyone's crown #cybersecurity achievement? Mine was implementing RSA #encryption (including bigint modpow functionality) as x86 #shellcode.
#cybersecurity #encryption #shellcode
Arm yourself with new knowledge this Thursday, and watch Saumil Shah's (@therealsaumil) #workshop "An Introduction to #ARM64 #Assembly and #Shellcode" of the #RETURN2WORKSHOP event last December. Happy watching!
https://youtu.be/H1OB1k4JxhA
Are you interested in learning more about #ARM64, and how to run exploits for ARM64 #IoT devices? Then sign up for Saumil's brand-new #training in February: "The ARM64 #Exploit Laboratory". Go to our website for more details and to sign up!
https://ringzer0.training/trainings/the-arm64-exploit-laboratory.html
#workshop #arm64 #assembly #shellcode #return2workshop #iot #training #exploit
Avoiding Detection with Shellcode Mutator
Mutates exploit source code without affecting its functionality, changing its signature and making it harder to reliably detect as malicious
Repository:
https://github.com/nettitude/ShellcodeMutator
Article:
https://labs.nettitude.com/blog/shellcode-source-mutations/
#shellcode #redteaming #pentesters #redteamtips #infosec #exploitation #binaryexploitation
What would be a good name for execve("/bin/sh") shellcode payloads?
#shellcode #namingthings
LAST CALL for @therealsaumil's FREE #workshop "An Introduction to #ARM64 Assembly and Shellcode"! Get hands-on skills in writing ARM64 #assembly code, and write your own ARM64 #shellcode. Don't forget to score your #free ticket - sign up now!
#workshop #arm64 #assembly #shellcode #free
Looking at IPv6 reverse shell shellcodes and noticed most of them are hardcoded to use an IPv4 address and convert it to an IPv6-to-IPv4 mapped address (aka ::ffff:A.B.C.D). This is kind of BS, as it prevents you from specifying a fully qualified IPv6 address. It would be fairly easy to add additional instructions that loads in the hi/lo parts of the IPv6 address, negates them to avoid \x00 bytes, then push them onto the stack for sockaddr_in6.sin6_addr.
#shellcode #ipv6 #pentesting
ICYMI - @therealsaumil's #FREE workshop is in two days! Learn more about #ARM64 and the key differences to ARM32 from an #assembly language perspective, get hands-on skills in writing ARM64 assembly code, and write your own ARM64 #shellcode!
ringzer0.training/workshops.html
#free #arm64 #assembly #shellcode
well my ticket about #BitDefender not respecting excluded folders that contain #shellcode and/or #exploit code (and even tools like `lspci`) is finally being escalated to someone that hopefully knows what i'm even talking about.
i don't know how other #infosec people deal with this on self-managed personal workstations but my solution for macOS workstations is BitDefender and i would be so happy if it wasn't training me to click "exclude" every single day.
#BitDefender #shellcode #exploit #infosec
Want to learn more about #ARM64? Join Saumil Shah's FREE workshop, and learn the key differences between ARM32 and ARM64 from an #assembly language perspective, get hands-on skills in writing ARM64 assembly code, and write your own ARM64 #shellcode!
Should reverse shell shellcode payloads accept only IPs, or accept host names and automatically resolve them to IPs?
#shellcode #pentesting
Pro tip: if you're baffled how a piece of #shellcode is able to bind/listen/accept while appearing to call getuid over and over it's because you're looking at the wrong #syscall table
Want to learn more about #ARM64? Join Saumil Shah's (@therealsaumil) FREE workshop, and learn the key differences between ARM32 and ARM64 from an #assembly language perspective, get hands-on skills in writing ARM64 assembly code, and write your own ARM64 #shellcode!
Since 2022 is almost over, I think it's time to boost some of the most successful articles published on the @hnsec blog this past year.
Let's begin with our #zyxel #audit series at https://security.humanativaspa.it/tag/zyxel/
Zyxel #firmware extraction and #password analysis
https://security.humanativaspa.it/zyxel-firmware-extraction-and-password-analysis/
Multiple #vulnerabilities in Zyxel zysh
https://security.humanativaspa.it/multiple-vulnerabilities-in-zyxel-zysh/
Zyxel authentication bypass #patch analysis (CVE-2022-0342)
https://security.humanativaspa.it/zyxel-authentication-bypass-patch-analysis-cve-2022-0342/
Useless path #traversals in Zyxel admin interface (CVE-2022-2030)
https://security.humanativaspa.it/useless-path-traversals-in-zyxel-admin-interface-cve-2022-2030/
New (and old) #shellcode samples
https://security.humanativaspa.it/new-and-old-shellcode-samples/
Enjoy!
#zyxel #audit #firmware #password #vulnerabilities #patch #traversals #shellcode
i found the outline i wrote up of all the #ARM #exploitation #blog posts i had planned to write back in 2019/2020 before shit in my personal life became too difficult for there to be room for such things.
i think i'm going to pick those back up and bring them to fruition.
the topics, each with various sub topics for individual posts are:
i would also like to bring back the live n-day exploit dev sessions on the @exploiteers discord some time in the near future.
#arm #exploitation #blog #rop #shellcode #bugs
I share with you some SHELLCODES that I programmed in ASM for the Windows x86/64 platform. #ASM #SHELLCODE
https://github.com/sasaga/SHELLCODES-WINDOWS
BrokenFlow: A simple PoC to invoke an encrypted shellcode by using a hidden call
https://github.com/enkomio/BrokenFlow
Invoking encrypted shellcode by using hidden call, Antonio Parata.
Shellcode Development
Rop with shellcode
https://lnkd.in/d2rXu_aq
Rop Injector
https://lnkd.in/dJ6K8tRk
OSED Scripts
https://lnkd.in/dXbKWWHU
Shellcode Development Article
https://lnkd.in/dzwwzbe8
Book: The Shellcoder's Handbook
https://lnkd.in/dSa38D5T
Awesome Exploit Development
https://lnkd.in/gsYRqdgZ
Download ebook: https://lnkd.in/e-UyPeV
#shellcode #bufferoverflow #pentest #hacking #cybersecurity #redteam #informationsecurity
Should shellcode still be included in an exploit framework in the year 2022?
#shellcode #exploit #infosec