My Never-ending Quest to Break Gscript

What in the Wild World of Extreme Sports is Gscript? Gscript is a tool that bundles multiple malware payloads into one self-contained binary. Manually pushing malware payloads to a system is time-consuming and error-prone. The longer an attacker is inside a system executing commands, the more likely they are to be detected. …


Building a Hardened Shell For Attack/Defend CTF Supremacy

Why do this? After playing the Pros versus Joes CTF on multiple occasions, a common tactic employed by the red team is to add malicious entries to bashrc, profile, and such. This is a common and documented persistence technique: https://attack.mitre.org/techniques/T1156/ Bash and other shells can be used to create sockets if they are configured/compiled to …


packet_write_wait: Connection to X.X.X.X port 22: Broken pipe

I was trying to SSH into a machine from my Kali Linux VM shortly after updating packages and encountered this error immediately after authenticating: packet_write_wait: Connection to X.X.X.X port 22: Broken pipe I was using VMware Workstation. SSH on my host was working as expected. Another VM in VirtualBox was working just fine, too. Another …


Bypassing IPv4 Security Measures Using IPv6

Introduction It is July 1st, 2018. Many systems and network administrators have a solid understanding of IPv4 networking and its underlying protocols, but little or no experience using IPv6. This is crazy to me, but we live in interesting times. IPv6 has been around for quite some time, but it still hasn’t been fully adopted. …


SLAE #7: Shellcode Crypter for Linux/x86

Introduction This blog series has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification: http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/ Student ID: SLAE-877 To get the code provided in this exercise: % git clone https://github.com/droberson/SLAE.git The code will be within the Assignment-7 directory. RC4 I decided to use the RC4 algorithm due to the fact that …


SLAE #6: Polymorphic Shellcode for Linux/x86

Introduction This blog series has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification: http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/ Student ID: SLAE-877 To get the code provided in this exercise: % git clone https://github.com/droberson/SLAE.git The code will be within the Assignment-6 directory. What is Polymorphic Shellcode? Quoting the Wikipedia article about Polymorphic Code directly: In …


SLAE #5: Reverse Engineering Shellcode for Linux/x86

Introduction This blog series has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification: http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/ Student ID: SLAE-877 To get the code provided in this exercise: % git clone https://github.com/droberson/SLAE.git The code will be within the Assignment-5 directory. Assignment Outline This particular assignment is to dissect three shellcodes from msfpayload using …
