Attacking the Attacker – Booby trapping legitimate applications to bait Attackers

TL;DR – By using a code cave (an unused run of padding bytes inside an existing executable), you can embed your own shellcode in a legitimate application and have it run alongside the original functionality.

I was at a university recently to talk about Penetration Testing and Red Teaming and what a normal day looks like in a penetration tester's life. During the talk, a student asked me an interesting question: "On your pentests, have you come across a client who backdoored a file/executable and put it on a share for you to find, which grants them a reverse shell?" Let's analyse this for a second. This is actually a brilliant idea. If you booby-trap an application, name it something like "Password Database", and leave it on a public share, chances are an attacker will find it and run it on their VM. If you play it right, you might get a shell on that VM. Let's see how we can go about creating such an application.
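The first step in building such a booby trap is finding room for the payload. Below is an added example (my own code, not from the original post) that locates a code cave in a binary blob and copies a payload into it. It works on raw bytes with a constructed sample buffer and placeholder "shellcode" so it runs offline; the byte values are assumptions for illustration. In a real PE you would additionally map the file offset to an RVA, make sure the cave lies in an executable section (or mark the section executable), and redirect the entry point or a hooked instruction to the cave and back again, none of which is shown here.

```python
"""Locate a code cave (a run of unused null bytes) and implant a payload.

Added example, not code from the original post. Operates on raw bytes so it
runs offline against a constructed buffer.
"""
from typing import Optional, Tuple


def find_code_cave(data: bytes, min_size: int, fill: int = 0x00) -> Optional[Tuple[int, int]]:
    """Return (offset, length) of the largest run of `fill` bytes that is at
    least `min_size` long, or None if no such run exists."""
    best = None
    run_start = None
    for i, b in enumerate(data):
        if b == fill:
            if run_start is None:
                run_start = i
        elif run_start is not None:
            length = i - run_start
            if length >= min_size and (best is None or length > best[1]):
                best = (run_start, length)
            run_start = None
    if run_start is not None:  # run extends to the end of the buffer
        length = len(data) - run_start
        if length >= min_size and (best is None or length > best[1]):
            best = (run_start, length)
    return best


def implant(data: bytes, shellcode: bytes, min_slack: int = 0) -> Tuple[bytes, int]:
    """Copy `shellcode` into the largest suitable cave and return the patched
    buffer plus the cave offset. The file size is unchanged, which is the whole
    point of using a cave rather than appending a section. Raises if no cave
    is large enough."""
    cave = find_code_cave(data, len(shellcode) + min_slack)
    if cave is None:
        raise ValueError("no code cave large enough for the shellcode")
    off, _ = cave
    patched = bytearray(data)
    patched[off:off + len(shellcode)] = shellcode
    return bytes(patched), off


# Constructed sample "binary" (assumed bytes, not a real file): a few code
# bytes, 8 bytes of padding that is too small to use, more code, then a
# 64-byte cave before the next chunk of code.
SAMPLE = (
    b"\x55\x89\xe5\x83\xec\x10" + b"\x00" * 8 + b"\xc9\xc3"
    + b"\x00" * 64 + b"\x31\xc0\xc3"
)
# Constructed placeholder payload (16 x INT3), not a working shellcode.
SHELLCODE = b"\xcc" * 16

if __name__ == "__main__":
    print(find_code_cave(SAMPLE, 16))           # (16, 64)
    patched, off = implant(SAMPLE, SHELLCODE)
    print(hex(off), patched[off:off + 4].hex())  # 0x10 cccccccc
```

Requiring `min_size` larger than the payload leaves slack for the jump back to the original code; in practice you also want to pick a cave that is not referenced elsewhere (relocations, data pointers), since overwriting those bytes would break the host application and make the bait obvious.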

Reverse engineering – Breaking software restrictions

TL;DR – Replacing a crucial instruction (typically the conditional jump that follows a licence or serial check) with NOPs can sometimes bypass a software restriction.

The long version is as follows. If you are interested in reverse engineering or exploit development, it is safe to assume you have heard of the amazing Corelan Team. Their exploit development tutorial here is a good starting point for anyone who wants to learn the basics of exploit development. I strongly recommend that you have a look at the tutorial before you continue.
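To make the NOP technique concrete, here is an added example (my own code, not from the original post or the Corelan tutorial) that patches a conditional jump out of a constructed x86 byte sequence modelling a typical check. The instruction bytes, offset and the "licence check" framing are assumptions for illustration; the two things the code enforces, verifying the bytes before overwriting them and keeping the replacement the same length, are what stops a patch from corrupting the instructions that follow it.

```python
"""Patch a critical instruction out with NOPs.

Added example, not code from the original post or the Corelan tutorial.
Works on a constructed x86 byte sequence rather than a real binary.
"""

NOP = 0x90  # x86 single-byte NOP


def verify_site(data: bytes, offset: int, expected: bytes) -> bool:
    """True if the bytes at `offset` are exactly `expected`. Patching blind is
    how you end up overwriting the middle of some unrelated instruction."""
    return data[offset:offset + len(expected)] == expected


def nop_out(data: bytes, offset: int, expected: bytes) -> bytes:
    """Return a copy of `data` where the `len(expected)` bytes at `offset` are
    replaced by NOPs. The replacement has the same byte length, so every
    instruction after it still decodes at the same address."""
    if not verify_site(data, offset, expected):
        actual = data[offset:offset + len(expected)]
        raise ValueError(
            f"bytes at {offset:#x} are {actual.hex()}, expected {expected.hex()}"
        )
    end = offset + len(expected)
    patched = bytearray(data)
    patched[offset:end] = bytes([NOP]) * len(expected)
    assert len(patched) == len(data)
    return bytes(patched)


# Constructed 32-bit x86 snippet (assumed bytes) modelling a typical check:
#   83 f8 01          cmp  eax, 1        ; did the check succeed?
#   75 05             jne  short +5      ; no -> skip the success path
#   b8 01 00 00 00    mov  eax, 1        ; success path
#   c3                ret
CHECK = bytes.fromhex("83f801" "7505" "b801000000" "c3")
JNE_OFFSET = 3
JNE_BYTES = bytes.fromhex("7505")


def bypass_check(data: bytes = CHECK) -> bytes:
    """Turn the conditional jump into two NOPs so execution always falls
    through to the success path, whatever the comparison produced."""
    return nop_out(data, JNE_OFFSET, JNE_BYTES)


if __name__ == "__main__":
    print(bypass_check().hex())  # 83f8019090b801000000c3
```

NOPs are the right tool when the success path is the fall-through; if the restriction lives on the fall-through path instead, NOPing the jump changes nothing and you would flip the condition (`75` to `74`) or force the jump (`75` to `eb`) while keeping the same two-byte length.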