Ethical Hacking Blog
In this blog post, I will be summarising my journey towards the OSCE3 certification from Offsec. Approximately a week after I finished the OSED exam, I got the confirmation from Offsec that I’d finally completed the OSCE3: Timeline My OSCE3 journey took me just over three years of on and off studying; I completed the…
In this blog post, I summarise my experience taking the Offsec Exploit Developer (OSED) course, including required knowledge, the exam, and my personal highlights. Overview The EXP-301 course, aka "Windows User Mode Exploit Development" (WUMED) is the last of Offsec’s revamped Offensive Security Certified Expert (OSCE3) courses, and was released to refresh the low level…
In this blog post, I summarise my experience taking the Offensive Security macOS Researcher (OSMR) course, including the main course content, study approach, and key takeaways. Overview EXP-312 is Offsec’s latest exploit development course which teaches you how to find and exploit logic flaws in the macOS operating system. Since the original release of the…
In this blog post, we will be covering an implementation of a custom crypter using AES encryption. This post follows on in our blog series created for the SLAE32 certification course provided by Pentester Academy. Overview A crypter is a piece of code which can be used to encrypt a file, executable or shellcode buffer.…
In this blog post, we will be covering the concept of polymorphism, and how it can be used to modify shellcode to bypass antivirus signature detection. This post follows on in our blog series created for the SLAE32 certification course provided by Pentester Academy. Overview Antivirus solutions tend to rely on two main detection mechanisms…
In this blog post, we will be covering our process behind reverse engineering and understanding popular shellcode payloads maintained in the payload module of the Metasploit project, MSFvenom. As this blog series is based on x86 Linux, this post will focus on payloads supporting this architecture and platform. This post is the fifth entry in…
In this blog post, we cover how to implement a custom shellcode encoder for x86 Linux in assembly. This post follows on in the series of posts created for the SLAE32 certification course provided by Pentester Academy. Overview To prevent a shellcode payload from being fingerprinted by AV solutions, it is necessary to obfuscate its…
In this blog post, we will be covering our process behind understanding and implementing egg hunter shellcode for x86 Linux in assembly. This post follows on in the series of posts created for the SLAE32 certification course provided by Pentester Academy. Overview During exploit development, one of the key contraints separating a successful exploit from…
In this blog post, we will be covering the process behind writing and analysing an x86 TCP reverse shell for Linux in assembly. This post follows on in the series of posts created for the SLAE32 certification course provided by Pentester Academy. Overview The code for the TCP reverse shell will consist of the following…
In this blog post, we will be covering the process behind writing and analysing an x86 TCP bind shell for Linux in assembly. This post will be the first in a series of posts created for the SLAE32 certification course provided by Pentester Academy. Overview The code for the TCP bind shell will consist of…