Blu3gl0w13's Blog

  After recently finishing both the SLAE ( http://www.securitytube-training.com/online-courses/securitytube-linux-assembly-expert/index.html ) and SLAE64 ( http://www.securitytube-training.com/online-courses/x8664-assembly-and-shellcoding-on-linux/index.html ) courses available through SecurityTube Training, and earning both certifications, I thought I would write a review of the training itself. Personally, I chose these course as a way to learn Assembly in preparation for the Crack The Perimeter (CTP) course and OSCE certification. After taking the Pentesting With Kali (PWK) class and earning the OSCP, I knew I needed to fill some gaps in my knowledge, and specifically with C and Assembly programming. Seeing that there aren't many training offerings that aim to teach Assembly specific to penetration testing and shellcoding, I gave SLAE a try.   If you don't care about the certification itself, you can obtain all of SecurityTube's videos for a small monthly fee through P

This post is a continuation of a seven (7) part blog series as part of the SLAE64 certification challenge. You can read the previous blog posts using the links below. Previous Posts: SLAE64 - Assignment 1 SLAE64 - Assignment 2 SLAE64 - Assignment 3 SLAE64 - Assignment 4 SLAE64 - Assignment 5 SLAE64 - Assignment 6 The requirements for Assignment 7 are as follows: Create a custom crypter like the one shown in the "crypters" video Free to use any existing encryption schema Can use any programming language

This post is a continuation of a seven (7) part blog series as part of the SLAE64 certification challenge. You can read the previous blog posts using the links below. Previous Posts: SLAE64 - Assignment 1 SLAE64 - Assignment 2 SLAE64 - Assignment 3 SLAE64 - Assignment 4 SLAE64 - Assignment 5 The requirements for Assignment 6 are as follows: Take up 3 shellcodes from shell-storm and create polymorphic versions of them to beat pattern matching The polymorphic versions cannot be larger 150% of the existing shellcode Bonus points for making it shorter in length than original

This post is a continuation of a seven (7) part blog series as part of the SLAE64 certification challenge. You can read the previous blog posts using the links below. Previous Posts: SLAE64 - Assignment 1 SLAE64 - Assignment 2 SLAE64 - Assignment 3 SLAE64 - Assignment 4 The requirements for Assignment 5 are as follows: Take up at least 3 shellcode samples created using MSFPayload for linux/x86_64 Use GDB to dissect the functionality of shellcode Document your analysis

This post is a continuation of a seven (7) part blog series as part of the SLAE64 certification challenge. You can read the previous blog posts using the links below. Previous Posts: SLAE64 - Assignment 1 SLAE64 - Assignment 2 SLAE64 - Assignment 3 The requirements for Assignment 4 are as follows: Create a Custom encoding scheme like the "Insertion Encoder" we showed you PoC with using execve-stack as the shellcode to encode with your schema and execute The full scripts for this assignment can be found here: https://github.com/blu3gl0w13/SLAE64/tree/master/assignment-4 . Supplemental scripts for this assignment can be found here: https://github.com/blu3gl0w13/SLAE64/tree/master/scripts .

This post is a continuation of a seven (7) part series for the SLAE64 certification challenge. You can read the first two (2) posts by using the links below. Previous Posts: SLAE64 - Assignment 1 SLAE64 - Assignment 2 This was a good assignment. Like the SLAE32, I had to create an egg hunter. Here are this assignment's requirements: Study Egg Hunter shellcode Create working demo of Egg Hunter Should be configurable for different payloads

This is the second blog in the SLAE64 series as part of the certification challenge. If you want to read the previous post first, I provided a link below. Previous Posts: SLAE64 - Assignment 1 For this assignment, we had the following requirements: Create a Shell_Reverse_TCP Shellcode Reverse connects to configured IP and Port Needs a "Passcode" If Passcode is correct then Execs Shell Remove 0x00 from the Reverse TCP Shellcode discussed

Following completion of the SLAE32 course (http://www.securitytube-training.com/online-courses/securitytube-linux-assembly-expert/index.html), I decided to take advantage of the Pentester Academy account we have at work to continue the training with SLAE64 (http://www.securitytube-training.com/online-courses/x8664-assembly-and-shellcoding-on-linux/index.html). So, we'll delve into each assignment like we did before and because it's part of the certification challenge. Assignment 1 requirements are as follows: Create a Shell_Bind_TCP shellcode Binds to a port Needs a "Passcode" If Passcode is correct then Execs Shell Remove 0x00 from the Bind TCP Shellcode discussed

This is a continuation of a seven (7) part series for the SLAE32 Certification challenge. You can read the first six (6) parts here: Part 1 - Assignment 1 Part 2 - Assignment 2 Part 3 - Assignment 3 Part 4 - Assignment 4 Part 5 - Assignment 5 Part 6 - Assignment 6 The requirements for this assignment are as follows: Create a custom crypter like the one shown in the "crypters" video Free to use any existing encryption shcema Can use any programming language Full code can be found on GitHub here: https://github.com/blu3gl0w13/SLAE32/tree/master/assignment-7 Supplemental scripts developed for this class can be found on GitHub here: https://github.com/blu3gl0w13/SLAE32/tree/master/scripts

This is a continuation of a seven (7) part series for the SLAE32 Certification challenge. You can read the first five (5) parts here: Part 1 - Assignment 1 Part 2 - Assignment 2 Part 3 - Assignment 3 Part 4 - Assignment 4 Part 5 - Assignment 5 The requirements for this assignment are as follows: Take up 3 shellcodes from Shell-Storm and create polymorphic versions of them to beat pattern matching The polymorphic versions cannot be larger 150% of the existing shellcode Bonus points for making it shorter in length than original Full code can be found on GitHub here: https://github.com/blu3gl0w13/SLAE32/tree/master/assignment-6 Supplemental scripts developed for this class can be found on GitHub here: https://github.com/blu3gl0w13/SLAE32/tree/master/scripts

This is a continuation of a seven (7) part series for the SLAE32 Certification challenge. You can read the first four (4) parts here: Part 1 - Assignment 1 Part 2 - Assignment 2 Part 3 - Assignment 3 Part 4 - Assignment 4 The requirements for this assignment are as follows: Take up at least 3 shellcode samples created using Msfpayload (msfvenom) for linux/x86 Use GDB/Ndisasm/Libemu to dissect the functionality of the shellcode Present your analysis Full code can be found on GitHub here: https://github.com/blu3gl0w13/SLAE32/tree/master/assignment-5 Supplemental scripts developed for this class can be found on GitHub here: https://github.com/blu3gl0w13/SLAE32/tree/master/scripts

This is a continuation of a seven (7) part series for the SLAE32 Certification challenge. You can read the first three (3) parts here: Part 1 - Assignment 1 Part 2 - Assignment 2 Part 3 - Assignment 3 The requirements for this assignment are as follows: Create a custom encoding scheme like the "Insertion Encoder" we showed you PoC with using execve-stack as the shellcode to encode with your schema and execute The code for this assignment can be found on GitHub here: https://github.com/blu3gl0w13/SLAE32/tree/master/assignment-4 Supplemental scripts I developed for this course can be found on GitHub here: https://github.com/blu3gl0w13/SLAE32/tree/master/scripts

This is part three (3) in a seven (7) part series for the SecurityTube Linux Assembly Expert 32-bit certification challenge. You can find part one (1) here: Part 1 - Assignment 1 . You can read part two (2) here: Part 2 - Assignment 2 . In assignment three (3), we were given the following instructions: Study about the Egg Hunter shellcode Create a working demo of the Egg Hunter Should be configurable for different payloads The full code for this assignment can be found here: https://github.com/blu3gl0w13/SLAE32/tree/master/assignment-3 . Supplemental scripts can be found here: https://github.com/blu3gl0w13/SLAE32/tree/master/scripts I must say, I really enjoyed this assignment. I had some experience with Egg Hunters during the Pentesting with Kali (PWK) course offered by Offensive Security. With my new found assembly skills though, this offered a chance to really understand some of the assembly instructions being used. For this assignment I relied heavily on the followi

Welcome to part two (2) in our seven (7) part series for the SecurityTube Linux Assembly Expert 32-bit certification challenge. This blog represents the second assignment out of seven (7) and the requirements for assignment two (2) are as follows: Create a Shell_Reverse_TCP shellcode Reverse connects to a configured IP and PORT Execs shell upon connection The IP and PORT should be easily configurable Part one (1) can be found here: https://infoseccafe.blogspot.com/2016/10/slae32-assignment-1.html The code for this assignment can be found on GitHub at the following location: https://github.com/blu3gl0w13/SLAE32/tree/master/assignment-2 Supplemental scripts that I developed for this class can be found on GitHub at the following location: https://github.com/blu3gl0w13/SLAE32/tree/master/scripts Compared to assignment one (1), this code was actually a lot shorter, and if we think about this a little bit, it makes a lot of sense. Instead of using four (4) different SOCKET syst

In preparation for the next Offensive Security certification class and challenge (CTP and OSCE), I decided to invest some time and energy into the Security Tube Linux Assembly Expert 32-bit class. That way I can have a solid foundation in understanding the finer workings of Assembly. Especially since my focus for my second Bachelor's degree was more along the lines of system administration and back-end web development instead of the programming focus of Computer Science. Still, I never stop with my learning and barely slow down at times. This was the first assignment out of seven (7) and the requirements for assignment one (1) were as follows: Create a Shell_Bind_TCP shellcode Binds to a port Execs shell upon connection The PORT number should be easily configurable This is a pretty standard request but I must admit the process was only somewhat familiar. I knew I could write the code pretty easily once I understood the process. For this, I had to fall back on my love

Back in 2014 I started down the Pentesting With Kali (PWK) course about a month after passing the CISSP exam, for which I self studied for about 4 months. What can I say, I was a glutton for punishment but it was well worth it. I started off with 90 days, but due to a crazy work schedule, wound up extending it another 30 for a total of 120 days of lab access. I'm not as young as I would like to think I am and have other important responsibilities as Dad and Husband which I consider "Priority 1". So, my time to study, perform the homework assignments, go through the modules, videos, and lab work were limited to 2 hours in the morning before work (typically 5am until 7am), and then again for a few hours after everyone was asleep in the house (typically 9pm until 11pm or Midnight). Weekends I could usually spend up to 6 hours on Saturdays and Sundays studying which helped tremendously. Other people have already done a great job at reviewing the PWK course and the OSCP chal