Introduction

Most shellcode examples available on the internet consist of two parts: a payload, usually generated by msfvenom, and C boilerplate code that calls it.

The compilation process is also routine, with many articles recommending that you pass “execstack” to the linker, which marks the GNU_STACK program header as executable. However, if you tried running this on a newer Linux system (kernel >5.4), you would be in for a rude surprise: the program returns a segmentation fault when it tries to execute your shellcode.

The solution in this case is simple. …


Program stability means something slightly different in the context of fuzzing than in the way we generally perceive it.

Generally, we perceive program stability as the program behaving consistently and not crashing when we perform the same operation multiple times without restarting it. A simple example would be opening a text file in Notepad. Notepad should allow us to open a given text file multiple times without crashing, and it should load the file properly and display its contents each time.

Stability with regards to fuzzing goes slightly deeper: the program should behave in a consistent fashion. …


Problem

I was using DynamoRIO to do instruction tracing to troubleshoot the runtime execution stability of my program and a DLL it was loading, and realised that I could not easily diff the trace files because the addresses were different on every run.

The output shown in Figure 1 illustrates a trace. My program starts to execute at line 83. The address, 0x20XXXX, is where my program was loaded. On modern Windows systems, this address differs every time the program runs because of ASLR.

Disabling ASLR

The quick fix to this would have been: “use Windows 7 duh”. However, I didn’t think…


What is Fuzzing?

Fuzzing, or fuzz testing, is an automated software testing technique that has been around for a long time. Its popularity has greatly increased recently thanks to the accessibility of computing power, the development of open-source (aka free) and easy-to-use fuzzing frameworks such as AFL and libFuzzer, and the increasing complexity of software.

So, what exactly does fuzzing do? Fuzzing involves providing invalid, unexpected, or random data as input to a computer program. It is a great way to test programs quickly and automatically in order to find vulnerabilities in them. …


Introduction

Process injection is a camouflage technique used by malware. From the Task Manager, users are unable to differentiate an injected process from a legitimate one, as the two look identical apart from the malicious content inside the former. Besides being difficult to detect, malware using process injection can bypass host-based firewalls and certain other security safeguards.

What is Process Injection Used For?

There are various legitimate uses for process injection. For instance, debuggers can use it to hook into applications and allow developers to troubleshoot their programs. Antivirus services inject themselves into browsers to investigate the browser’s behaviour and inspect internet traffic and website content.

Can Process Injections Be Used For Malicious Purposes?

Process injections…

Angelystor
