Author Archives: odzhan
Shellcode: Windows on ARM64 / AArch64
Introduction: Back in October 2018, I wanted to write ARM assembly on Windows. All I could acquire then was a Surface tablet running Windows RT that was released sometime in October 2012. Windows RT (now deprecated) was a version of …
Delegated NT DLL
Introduction: redplait and Adam/Hexacorn already documented this in 2017 and 2018 respectively, so it’s not a new discovery. Officially available since RedStone 2, released in April 2017; redplait states it was introduced with insider build 15007, released in January 2017. …
Posted in data structures, security, windows
Tagged amd64, ARM64, hacking, internals, shellcode, structures, windows, x64, x86
WOW64 Callback Table (FinFisher)
Introduction: Ken Johnson (otherwise known as Skywing) first talked about KiUserExceptionDispatcher back in 2007. Since then, various posts scattered around the internet have talked about it, but for some reason nobody demonstrates how to use it. It’s been …
Posted in assembly, data structures, programming, security, windows
Tagged windows, x64, x86
Shellcode: Linux on RISC-V 64-Bit
RISC-V (pronounced “risk-five”) is an open standard instruction set architecture (ISA) based on established reduced instruction set computer (RISC) principles. Unlike most other ISA designs, RISC-V is provided under open source licenses that do not require fees to use. …
Posted in Uncategorized
MiniDumpWriteDump via COM+ Services DLL
Introduction: This will be a very quick code-oriented post about a DLL function exported by comsvcs.dll that I was unable to find any reference to online. UPDATE: Memory Dump Analysis Anthology Volume 1 that was published in 2008 by Dmitry …
Shellcode: In-Memory Execution of JavaScript, VBScript, JScript and XSL
Introduction: A DynaCall() Function for Win32 was published in the August 1998 edition of Dr. Dobb’s Journal. The author, Ton Plooy, provided a function in C that allows an interpreted language such as VBScript to call external DLL functions via a …
Posted in assembly, programming, security, shellcode, windows
Tagged assembly, javascript, jscript, perl, python, shellcode, vbscript, x86
Shellcode: In-Memory Execution of DLL
Introduction: In March 2002, the infamous group 29A published their sixth e-zine. One of the articles, titled In-Memory PE EXE Execution by Z0MBiE, demonstrated how to manually load and run a Portable Executable entirely from memory. The InMem client provided …
Posted in assembly, injection, programming, security, shellcode, windows
Tagged DLL, EXE, in-memory, x86 assembly
Shellcode: Loading .NET Assemblies From Memory
Introduction: The .NET Framework can be found on almost every device running Microsoft Windows. It is popular among professionals involved in both attacking (Red Team) and defending (Blue Team) a Windows-based device. In 2015, the Antimalware Scan Interface (AMSI) …
Posted in assembly, encryption, malware, programming, security, shellcode, windows
Tagged .net, c++, donut, dotnet, jscript, powershell, vbscript
Shellcode: A reverse shell for Linux in C with support for TLS/SSL
Shellcode: A reverse shell in C for Linux with support for TLS/SSL. Contents: Introduction; History; Definitions: Position-independent code (PIC), Position-independent executable (PIE), Thread Local Storage or Transport Layer Security (TLS), Address Space Layout Randomization (ASLR), Executable and Link Format (ELF), Base …
How the L0pht (probably) optimized attack against the LanMan hash.
Contents: Introduction; Data Encryption Standard; The LanMan Algorithm; Brute Force Attack; Version 1: Precomputing Key Schedules 1; Version 2: Using Macros For The Key Schedule Algorithm; Initial and Final Permutation; Skipping Rounds; Version 3: Precomputing Key Schedules 2; Version 4; Results …
Posted in cryptography, passwords, programming, security, windows
Tagged crypto, lanman, microsoft, password cracking, windows