AWAE Course and OSWE Exam Review

AWAE Course and OSWE Exam Review

Introduction This is a review of the Advanced Web Attacks and Exploitation (WEB-300) course and its OSWE exam by Offensive-Security. I’ve taken this course because I was curious about what secret tricks this course will offer for its money, especially...

SLAE Course and Exam Review

As you may have noticed, I have posted a couple of articles about my SecurityTube Linux Assembly Expert exam during the last months. Now that I have successfully completed the course, I just want to share my thoughts about it for those of you who...

SLAE: Custom Crypter (Linux/x86)

Do you want to fool antivirus software? When you look through hacking forums for a solution to this, you will likely encounter the term “crypter”. You will also find this tool in the arsenal of every advanced penetration tester and it is the obvious...

SLAE: Polymorphic Shellcodes (Linux/x86)

Question: How can signature-based Intrusion Detection systems be defeated? Answer: Using polymorphic shellcodes! This might sound really crazy and cyber, but it has nothing to do with inventing fancy new hacking techniques, it’s rather about...

SLAE: Dissecting Msfvenom Payloads (Linux/x86)

One very common tool among penetration testers is Metasploit, which includes a lot of nice exploits and payloads. The 5th assignment of the SecurityTube Linux Assembly Expert certification is about Metasploit shellcode analyses for Linux/x86 target systems. The...

SLAE: Custom RBIX Shellcode Encoder/Decoder

Anti-Virus and Intrusion Detection Systems could become really nasty during a penetration test. They are often responsible for unstable or ineffective exploit payloads, system lock-downs or even angry penetration testers 😉 . The following article is about a...