GitHub

dmore/InflativeLoading-red-convert-native-exe-to-PIC-shellcode

Only a few bytes in the PE header, such as e_lfanew, RVA of Import Directory, are essential to complete the loading process. Therefore, other bytes can be overwritten with random ones to hide PE ...
GitHub

Encoding-and-loading-shellcode-from-PNG

The encoding method is done using a simple XOR. However, the bytes placement follows a pattern. The operation done by the Python script is the following: I generate a first random integer with a value ...
Microsoft

Shellcode Analysis via MSEC Debugger Extensions

In a previous post we provided some background on the !exploitable Crash Analyzer which was released earlier this year. One of the things that we didn’t mention is that !exploitable is just one of the ...
ZDNet

Security firms dismiss English shellcode threat

IT security experts have dismissed a research paper warning about malware that can be hidden within what appears to be plain English prose, noting that this threat is nothing new. In a recent report ...