Pages

Sunday, November 27, 2016

SLAE/SLAE64 Course Review

  After recently finishing both the SLAE (http://www.securitytube-training.com/online-courses/securitytube-linux-assembly-expert/index.html) and SLAE64 (http://www.securitytube-training.com/online-courses/x8664-assembly-and-shellcoding-on-linux/index.html) courses available through SecurityTube Training, and earning both certifications, I thought I would write a review of the training itself. Personally, I chose these course as a way to learn Assembly in preparation for the Crack The Perimeter (CTP) course and OSCE certification. After taking the Pentesting With Kali (PWK) class and earning the OSCP, I knew I needed to fill some gaps in my knowledge, and specifically with C and Assembly programming. Seeing that there aren't many training offerings that aim to teach Assembly specific to penetration testing and shellcoding, I gave SLAE a try.

  If you don't care about the certification itself, you can obtain all of SecurityTube's videos for a small monthly fee through Pentester Academy http://www.pentesteracademy.com/. We have a subscription where I work, so following the SLAE course, I jumped right into the videos for SLAE64 to learn the differences between ia-32 and x86_64 Assembly. After quickly identifying the main differences as it pertains to shellcode and system calls, I skimmed the remaining videos and signed up for the class and certification attempt. A week later, I was writing the scripts and blogging for the certification challenge. I also reused whatever code I could from the SLAE course and reworked those scripts to be compatible on x86_64. There were enough similarities between the two that this technique worked really well. Ok, enough of an intro, let's dive into the meat of each course. We'll start with the ia-32 SLAE course.

Sunday, November 13, 2016

SLAE64 - Assignment 7

This post is a continuation of a seven (7) part blog series as part of the SLAE64 certification challenge. You can read the previous blog posts using the links below.

Previous Posts:

The requirements for Assignment 7 are as follows:
  • Create a custom crypter like the one shown in the "crypters" video
  • Free to use any existing encryption schema
  • Can use any programming language

SLAE64 - Assignment 6

This post is a continuation of a seven (7) part blog series as part of the SLAE64 certification challenge. You can read the previous blog posts using the links below.

Previous Posts:

The requirements for Assignment 6 are as follows:
  • Take up 3 shellcodes from shell-storm and create polymorphic versions of them to beat pattern matching
  • The polymorphic versions cannot be larger 150% of the existing shellcode
  • Bonus points for making it shorter in length than original

SLAE64 - Assignment 5

This post is a continuation of a seven (7) part blog series as part of the SLAE64 certification challenge. You can read the previous blog posts using the links below.

Previous Posts:

The requirements for Assignment 5 are as follows:
  • Take up at least 3 shellcode samples created using MSFPayload for linux/x86_64
  • Use GDB to dissect the functionality of shellcode
  • Document your analysis

SLAE64 - Assignment 4

This post is a continuation of a seven (7) part blog series as part of the SLAE64 certification challenge. You can read the previous blog posts using the links below.

Previous Posts:

The requirements for Assignment 4 are as follows:
  • Create a Custom encoding scheme like the "Insertion Encoder" we showed you
  • PoC with using execve-stack as the shellcode to encode with your schema and execute
The full scripts for this assignment can be found here: https://github.com/blu3gl0w13/SLAE64/tree/master/assignment-4.

Supplemental scripts for this assignment can be found here: https://github.com/blu3gl0w13/SLAE64/tree/master/scripts.