2020-04-20

Technical Analysis Of The Necr0 Python Malware

I recently got a hold of a malware sample written in Python that dropped cryptocurrency miners, among other things. It was built with Python 2.7 and was heavily obfuscated. I decided to analyse it and try to break it apart to understand it better and its …



2020-01-27

SLAE 7: Creating your own crypter using golang

In this article, we will build a simple crypter for encrypting and decrypting shellcode. I chose to implement the crypter in Go using environmental keys. I will not spend time implementing a fancy shellcode execution method in this article, only encryption …



2020-01-26

SLAE 6: Creating polymorphic shellcode

The goal of this article is to create polymorphic versions of three different shellcodes from http://shell-storm.org. Polymorphic shellcode has the ability to mutate its code every time it runs. The instructions change while the algorithm stays intact. The …



2020-01-25

SLAE 5: Analyzing shellcode generated by msfvenom

In this article, I will analyse three shellcode samples generated by msfvenom, specifically: linux/x86/read_file, linux/x86/adduser and linux/x86/shell/reverse_tcp (listed with: msfvenom --list payloads -a x86 --platform linux). Let’s see if there is something new we …



2020-01-24

SLAE 4: Custom encoder for bypassing signature based detection

Malware detection techniques have improved a lot over the years. Today companies are investing in machine learning methods for detecting malware, which sounds pretty cool if you ask me. However, there is one method that has been used since the first …



2020-01-22

SLAE 3: Egg hunting in Linux x86 Assembly

When writing exploits, you sometimes encounter a situation where your payload is too big: you can’t fit your payload inside the buffer. This is where “eggs” come into play. The basic idea of egg hunting is to divide the payload into two …