This tutorial is part of the SecurityTube Linux Assembly Expert certification.
The goal of this assignment is to create a custom insertion encoding scheme, a proof of concept for an execve-stack shellcode.
The tutorial will contain example source with comments. Listed source code may have formatting issues so best place to obtain copies is from the project’s Github repo.
This assignment will build from the previous assignments and so will not be reiterating explanations already covered there.
Sometimes delivering the an exploit payload with just a plain shellcode will not suffice when it comes to situations where a signature based protection, such as Anti-Malware is in place. This is where techniques for obfuscating the final shellcode comes into play.
Generally two methods exist, encryption and encoding, the later being simpler. This assignment will demonstrate a simple insertion based algorithm which will insert a random byte…
View original post 2,087 more words