I've been working my way through the SecurityTube Linux Assembly Expert course for the past few days.
The final exam for the course consists of writing a series of blog posts to cover seven assignments set out for the students (me) to complete.
The assignments are as follows:
- Create Bind TCP Shellcode
- Shellcode binds to a port
- Executes a shell on an incoming connection
- Port number should be easily configurable
- Shellcode connects to IP and port
- Passes a shell on connection
- IP and port number should be easily configurable
- Create Egg Hunter Shellcode
- Configurable for different payloads
- Create a custom Shellcode encoder
- Encode a stack based execve shell using the custom encoder
- Analyse at least 3 payloads provided by metasploit
- Select 3 shells from Shell-Storm
- Modify shells to be polymorphic
- New Shellcode must not be >150% in size from the original
- Encrypts and Decrypts Shellcode
Over the next few days I will posting up my assignments. Hopefully they will help some people with their learning. I'm not saying they will be perfect and I welcome any feedback/advice if anyone spots anything wrong or has any suggestions.
All the code used in the blog posts will be shared in my github repository.
All code will be provided under Creative Commons Zero 1.0
This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification:
Student ID: SLAE-734