A couple of months back I signed up for the SecurityTube Linux Assembly Expert certification or ‘SLAE’. I’ve thoroughly enjoyed working through the course and overall it’s a very good introduction to x86 32-bit Assembly programming, focusing on how it can be used to write shellcode, encoders, decoders and crypters. I’ve already signed up for their PowerShell for Pentesters certification and will probably also sign up for the Python for Pentesters and Hackers at some point in the future once I’ve completed the PowerShell course and a couple of other certifications and training I already have on my to-do list.
The certification exam requires the student to complete 7 assignments listed below. As I work through the assignments I’ll update the headings below to include links to each assignment.
- Binds to a port
- Execs Shell on incoming connection
- The TCP port number should be easily configurable
- Reverse connects to configured IP and Port
- Execs shell on successful connection
- The IP and TCP port should be easily configurable
- Create a working demo of the Egghunter
- Should be configurable for different payloads
- PoC with using execve-stack as the shellcode to encode with your schema and execute
Assignment 5: Analyse at least 3 shellcode samples created using Msfpayload for linux/x86
- Use GDB/Ndisasm/Libemu to dissect the functionality of the shellcode
- Present your analysis of how the shellcode works
Assignment 6: Take up 3 shellcodes from Shell-Storm and create polymorphic versions of them to beat pattern matching
- The polymorphic versions cannot be more than 150% the size of the original shellcode
- Bonus points for making it shorter in length than original
- Free to use any existing encryption schema
- Can use any programming language
As can be seen, the exam is entirely practical. The practical nature of the certification exam is one of the aspects that I really liked about the certification.
The source code for each of the assignments can be found on GitHub: