Jakub Heba, Security Researcher @ AFINE

Research and Security of Web Applications, Assembly, Reverse Engineering. All kinds of security-related stuff.


Articles and Tutorials

SLAE Course & Exam


Creating shellcode from scratch that launches a bind shell, i.e. exposes a port and waits for a connection from the attacker, to whom the "/bin/sh" shell is then issued.


Creating shellcode from scratch that launches a reverse shell, i.e. sends a "/bin/sh" shell remotely to the specified address and port, where a listener (for example netcat) is waiting.


Creating three implementations of Egg Hunters, which make it possible to execute very long shellcode when little buffer space is available.


Encoding (Python) and Decoding (NASM) of the selected shellcode using ROT13, XOR, 2-byte right shift and insertion.


Analysis and explanation of the techniques used by the Msfvenom tool from the Metasploit-framework package when creating three different shellcodes.


Using polymorphism, i.e. optimizing and changing the programming techniques used in the code while preserving the program's function and operation, applied to three ready-made shellcodes from shell-storm.org.


Implementation of AES 128-bit encryption with HMAC using SHA256 to make detection more difficult for anti-virus systems, using Python and shellcode running a reverse shell.