This shellcode is very similar to the Bindshell TCP shellcode, so please refer to it for the unique and interesting points. There is only 1 additional point I would like to make: Line 8/37: Listen on 127.1.1.1 instead of 127.0.0.1. This saves us from having to nullify the 2 bytes in the middle. ...

There are many SLAE64 blogposts each explaining their variant of shellcode out there. I thought I would join in the fun. This is my version of the Bindshell TCP shellcode. I'll keep it brief and only list down the interesting or unique points in my shellcode. Line 9: To reduce size, I only ...

When filesystems are mounted on a directory, existing files in that directory are hidden and will not be accessible until the mount point is removed. This is a relatively decent way to thwart or slow down online analysis of a system. A recursive listing of files will not reveal these hidden ...

Crypto used to refer to cryptography, the study of protecting the confidentiality and integrity of information. It is one of the purest branches of computer security. Theoretical cryptography is almost fully governed by the laws of mathematics and physics. The only breakthrough possible is ...

Timestomping is a favourite topic of red teamers and forensic analysts. They often speak about the tools and powershell commands that can be used to do timestomping. How do these tools work? In the course of developing nTimetools, I read up on the various APIs and the extent of ...

OpenVPN GUI will automatically run the following batch files if it exists. No changes to config file is needed, just drop the batch file in place. Possible privilege escalation if user runs OpenVPN GUI with administrator privileges and uses a VPN config in his home directory. ...

I recently decided to migrate my server cluster's logging mechanism from rsyslog to Splunk. My previous setup was to use rsyslog to centralise all logging onto /var/remotelog/ on a central server. I then configured the Splunk indexer to index both /var/log/ as well as /var/remotelog/, this ...

I was back at SANS October Singapore this year. Not much changed compared to the past year, the venue was the same, food was the same, even some of the course participants were familiar. This year, I signed up for the FOR508 course, as well as both NetWars Core and Defense. It was really tiring ...