Didier Stevens

Tuesday 8 November 2011

White Hat Shellcode Workshop: Enforcing Permanent DEP

Filed under: Shellcode — Didier Stevens @ 21:12

Here’s a video of an exercise in my White Hat Shellcode Workshop I gave at Brucon in September.

Tuesday 4 May 2010

Writing WIN32 Shellcode With a C-compiler

Filed under: My Software,Shellcode — Didier Stevens @ 10:17

I wrote an article in Hakin9 magazine how to write shellcode with a C-compiler.

People before me have worked out methods to do this; the advantage of my method is that you can debug your shellcode inside the Visual Studio IDE.

The template can be found here.

Tuesday 13 April 2010

.NET Shellcode

Filed under: .NET,Shellcode — Didier Stevens @ 0:00

As it is easy to instantiate the CLR in a process and load an assembly from C-code, I developed shellcode to load a .NET assembly in the injected process.

This allows you to leverage the extended Framework Class Library in your penetration tests.

Wednesday 17 March 2010

Tweet Shellcode

Filed under: My Software,Shellcode — Didier Stevens @ 21:33

As its name implies: shellcode to send a Twitter update.

Monday 22 February 2010

Ping Shellcode

Filed under: My Software,Shellcode — Didier Stevens @ 10:26

I’ve added 2 new assembly source files for shellcode to execute a ping.

First one does a simple ping, second one does a ping with the computername and username in the ICMP packet data.

Tuesday 16 February 2010

MemoryLoadLibrary: From C Program to Shellcode

Filed under: Hacking,My Software,Shellcode — Didier Stevens @ 0:40

The DLL-loading shellcode I used in my cmd.xls spreadsheet was generated with a method I worked out to generate WIN32 shellcode with a C-compiler. You can find it on my new Shellcode page.

With this release, I provide you with all the tools you need to build your own version of cmd.xls:

« Previous Page

Blog at WordPress.com.