Sandbox Feeling

Sandbox evasion techniques are increasingly being used by malware writers. From the victim's side, these malware features can be put to good use: by imitating some sandbox characteristics, you can fool the malware into thinking it is running in a sandbox, so that to avoid detection it ...

How does Control Flow Guard work?

Control Flow Guard

Control Flow Guard, CFG for short, is a relatively recent exploit mitigation technique that targets invalid indirect function calls. CFG is actually a combined compiler and OS feature. In simple words, the compiler inserts a new check function just before the real indirect call and the OS handles the ...

Does KASLR make sense?

What's KASLR?

KASLR is ASLR (address space layout randomization) for the kernel. In theory, the KASLR patch randomizes the kernel base address to some location when the kernel is loaded, so an attacker cannot jump to a known useful function or location. Really? Okay, it is not that perfect; things are a little different in ...

[Turkish] Shellcode Encoder Tool

In buffer overflow problems you usually have to deal sometimes with character restrictions and sometimes with IDS/IPS/AV blocking your code. For such situations I developed the tool below, which you can use with 32-bit shellcodes. With a little effort it is possible to convert it to 64-bit or to add other asm scripts.

Required arguments:
    -a <file>            : Available chars file.
    -s <file ...
Shellcode Encoder

If you're dealing with a character filter or byte restriction in a buffer overflow vulnerability, or with some kind of IDS/IPS/AV blocking your code, you can use this encoder to encode your 32-bit x86 shellcode.

This technique was used by muts from Offensive Security. As a summary, shellcode ...
