Open navigation menu

Welcome to Scribd!

SAS v1.0 Azeria

Uploaded by

0% found this document useful (0 votes)

20 views20 pages

The document discusses how to write ARM 32-bit shellcode in six minutes. It provides instructions on ARM and Thumb instructions, registers, switching between ARM and Thumb modes, and templates for creating a socket, connecting to it, duplicating file descriptors, and spawning a shell to create a reverse shell. The goal is to generate a reverse shell using just ARM assembly code within a short period of time.

Original Description:

Original Title

SAS-v1.0-Azeria

Copyright

© © All Rights Reserved

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

The document discusses how to write ARM 32-bit shellcode in six minutes. It provides instructions on ARM and Thumb instructions, registers, switching between ARM and Thumb modes, and templates for creating a socket, connecting to it, duplicating file descriptors, and spawning a shell to create a reverse shell. The goal is to generate a reverse shell using just ARM assembly code within a short period of time.

Copyright:

© All Rights Reserved

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

20 views20 pages

SAS v1.0 Azeria

Uploaded by

The document discusses how to write ARM 32-bit shellcode in six minutes. It provides instructions on ARM and Thumb instructions, registers, switching between ARM and Thumb modes, and templates for creating a socket, connecting to it, duplicating file descriptors, and spawning a shell to create a reverse shell. The goal is to generate a reverse shell using just ARM assembly code within a short period of time.

Copyright:

© All Rights Reserved

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 20

Search inside document

EXPLORING NEW DEPTHS OF

THREAT HUNTING
...OR HOW TO WRITE ARM 32-BIT SHELLCODE IN SIX MINUTES

Maria ‘Azeria’ Markstedter

Azeria Labs, @Fox0x01
Security Analyst Summit 2018 2
INSTRUCTIONS

ARM instructions = 32-bit

Thumb instructions = 16-bit

Security Analyst Summit 2018 3

INSTRUCTIONS

Security Analyst Summit 2018 4

REGISTERS (ARM 32-BIT)

Security Analyst Summit 2018 5

DE-NULLIFICATION

Security Analyst Summit 2018 6

SWITCH TO THUMB

Security Analyst Summit 2018 7

YARA: SWITCHING TO THUMB

Security Analyst Summit 2018 8

GOAL: REVERSE SHELL

Security Analyst Summit 2018 9

TEMPLATE

Security Analyst Summit 2018 10

CREATE SOCKET

Security Analyst Summit 2018 11

YARA: SOCKET

Security Analyst Summit 2018 12

YARA: SOCKET

Security Analyst Summit 2018 13

CONNECT

Security Analyst Summit 2018 14

STDIN, STDOUT, STDERR

Security Analyst Summit 2018 15

YARA: DUP2

Security Analyst Summit 2018 16

SPAWNING SHELL

Security Analyst Summit 2018 17

YARA: BINSH

Security Analyst Summit 2018 18

Security Analyst Summit 2018 19
Security Analyst Summit 2018 20

You might also like

Mastering Assembly Programming
Document285 pages
Mastering Assembly Programming
rody692
100% (4)
tHREAT HUNTING
Document78 pages
tHREAT HUNTING
mohan
No ratings yet
Spinnaker SDK and Cooled Cameras - For Distribution - en
Document21 pages
Spinnaker SDK and Cooled Cameras - For Distribution - en
carlosjulioph
No ratings yet
Encrypted TCP Chat Using RSA and AES Algorithm
Document25 pages
Encrypted TCP Chat Using RSA and AES Algorithm
Pavan Preetham Valluri
No ratings yet
Kaspersky Internet Security Serial Number and Activation Code 2018
Document10 pages
Kaspersky Internet Security Serial Number and Activation Code 2018
cory
No ratings yet
Ic 06 2018 en
Document52 pages
Ic 06 2018 en
Ionescu Radu
No ratings yet
White Paper Template 27
Document44 pages
White Paper Template 27
Mihaela Derdeva
No ratings yet
White Paper Template 27
Document44 pages
White Paper Template 27
m
No ratings yet
MacOS Hardening
Document130 pages
MacOS Hardening
goodgnom
No ratings yet
Recent Results On Stream Ciphers
Document71 pages
Recent Results On Stream Ciphers
Raahul Sen
No ratings yet
ICM Scripting Troubleshooting Tools and Methods
Document23 pages
ICM Scripting Troubleshooting Tools and Methods
Rogelio Ramirez Millan
No ratings yet
Example CSCRM Strategy Implementation Plan
Document22 pages
Example CSCRM Strategy Implementation Plan
eser
No ratings yet
UKGC 2016 Remote Gambling and Software Technical Standards
Document34 pages
UKGC 2016 Remote Gambling and Software Technical Standards
AnkitJuneja1
No ratings yet
MIPS
Document27 pages
MIPS
Shivang Agarwal
No ratings yet
Security Information and Event Management (SIEM) Report From PeerSpot 2023-07-29 16qn
Document47 pages
Security Information and Event Management (SIEM) Report From PeerSpot 2023-07-29 16qn
ali topan
No ratings yet
Micro Solutions
Document32 pages
Micro Solutions
VarunKaradesai
No ratings yet
Mastering Assembly Programming: From Instruction Set To Kernel Module With Intel Processor
Document270 pages
Mastering Assembly Programming: From Instruction Set To Kernel Module With Intel Processor
Alain Erson Frantz
No ratings yet
GRM Tools Creative - Eng
Document37 pages
GRM Tools Creative - Eng
Sergio Fidemraizer
No ratings yet
Visionsystemsdesign201811 DL
Document60 pages
Visionsystemsdesign201811 DL
hemnathavlsigmailcom
No ratings yet
Isea Pam Uio
Document4 pages
Isea Pam Uio
DamPad
No ratings yet
Reloj Biométrico
Document29 pages
Reloj Biométrico
Franklin Rivera
No ratings yet
Gartner Magic Quadrant For SIEM Products (2010-2020) - Info Security Memo
Document7 pages
Gartner Magic Quadrant For SIEM Products (2010-2020) - Info Security Memo
Alek Grbavica
No ratings yet
Cs731 Project Presentation
Document15 pages
Cs731 Project Presentation
Susovan
No ratings yet
Adafruit Amg8833 8x8 Thermal Camera Sensor
Document35 pages
Adafruit Amg8833 8x8 Thermal Camera Sensor
Aschtung Yep
No ratings yet
Xapp386, Coolrunner-Ii Serial Peripheral Interface Master
Document21 pages
Xapp386, Coolrunner-Ii Serial Peripheral Interface Master
Magendran PK
No ratings yet
Smart Conn Getstart
Document61 pages
Smart Conn Getstart
Alexis Ahmed
No ratings yet
Top 100 Security Tools
Document5 pages
Top 100 Security Tools
Guillermo J Alonso
No ratings yet
Atomic Wallet
Document37 pages
Atomic Wallet
Farooq Miza
No ratings yet
Top 100 Security Tools
Document5 pages
Top 100 Security Tools
snooper5813
No ratings yet
CrypTool Book
Document552 pages
CrypTool Book
Interamericano Arequipa
No ratings yet
Capture D'écran . 2023-12-08 À 09.15.51
Document38 pages
Capture D'écran . 2023-12-08 À 09.15.51
echchoura71
No ratings yet
Https Duckduckgo Com Q "Cryptool"+aes+histogram+256&norw 1&t Ffab&ia Web
Document6 pages
Https Duckduckgo Com Q "Cryptool"+aes+histogram+256&norw 1&t Ffab&ia Web
anonymousmail
No ratings yet
The Salsa20 Family of Stream Ciphers
Document15 pages
The Salsa20 Family of Stream Ciphers
Vũ Tiến Thành - B18DCAT237
No ratings yet
Argyll CMS
Document12 pages
Argyll CMS
Blakko
No ratings yet
Certik Final Report For BTCST
Document15 pages
Certik Final Report For BTCST
Optimuz Optimuz
No ratings yet
Breaking Hitag 2 Revisited: A. Bogdanov and S. Sanadhya (Eds.) : SPACE 2012, LNCS 7644, Pp. 126-143, 2012. C
Document18 pages
Breaking Hitag 2 Revisited: A. Bogdanov and S. Sanadhya (Eds.) : SPACE 2012, LNCS 7644, Pp. 126-143, 2012. C
اليزيد بن توهامي
No ratings yet
MSP430™ FRAMTechnology - HowTo and BestPractices
Document21 pages
MSP430™ FRAMTechnology - HowTo and BestPractices
呂柏勳
No ratings yet
04 Tigers H Arc Compute Operations
Document22 pages
04 Tigers H Arc Compute Operations
B J CHY
No ratings yet
Xforce Meshmixer 2018 Crack PDF
Document3 pages
Xforce Meshmixer 2018 Crack PDF
Melissa
No ratings yet
Lab 2 F20
Document4 pages
Lab 2 F20
Ivan
No ratings yet
16 Bits Microcontrollers
Document5 pages
16 Bits Microcontrollers
Gabriel Villanueva
No ratings yet
Techaudit Eternal
Document12 pages
Techaudit Eternal
enzo
No ratings yet
Security Enhancement of Blowfish Block Cipher: August 2016
Document9 pages
Security Enhancement of Blowfish Block Cipher: August 2016
addis alemu
No ratings yet
Breaking Hitag2 With Reconfigurable Hardware: August 2011
Document7 pages
Breaking Hitag2 With Reconfigurable Hardware: August 2011
LIRO ROMA
No ratings yet
Easttom PPT 06 Final
Document25 pages
Easttom PPT 06 Final
mohamedabdulkadir767
No ratings yet
DMC Lab
Document21 pages
DMC Lab
Anurag kumar
No ratings yet
CT Book en
Document551 pages
CT Book en
dereje
No ratings yet
A Guide to RISC Microprocessors
From Everand
A Guide to RISC Microprocessors
Florence Slater
No ratings yet
Adafruit Data Logger Shield
Document68 pages
Adafruit Data Logger Shield
Arieffin Natawidjaja
No ratings yet
Petit Fat File System 00002799A
Document18 pages
Petit Fat File System 00002799A
encup
No ratings yet
Gamechain: A Proposal For Game Progress Traceability Using Blockchain
Document21 pages
Gamechain: A Proposal For Game Progress Traceability Using Blockchain
Rafael Garcia
No ratings yet
Fixed Point Arm
Document14 pages
Fixed Point Arm
girik2009
No ratings yet
Numitor Tech Audit
Document10 pages
Numitor Tech Audit
Sam Fola
No ratings yet
ATMEL AVR Datasheet
Document31 pages
ATMEL AVR Datasheet
miperrorufo
No ratings yet
Scanning Networks - Pro Guide
Document32 pages
Scanning Networks - Pro Guide
ZyzzzAziz
No ratings yet
Lab Manual CS 1-2
Document23 pages
Lab Manual CS 1-2
Sandip Mourya
No ratings yet
AN2572 ADC Oversampling
Document20 pages
AN2572 ADC Oversampling
Hugo Mefistofoles
No ratings yet
Tech Audit: Smart Contract Security Audit
Document13 pages
Tech Audit: Smart Contract Security Audit
Dani Setianto
No ratings yet
Sandip - PR 1 2 Cs
Document23 pages
Sandip - PR 1 2 Cs
Sandip Mourya
No ratings yet
Advanced Raspberry Pi: Raspbian Linux and GPIO Integration
From Everand
Advanced Raspberry Pi: Raspbian Linux and GPIO Integration
Warren Gay
No ratings yet
How To Extract and Disassemble A Linux ..
Document6 pages
How To Extract and Disassemble A Linux ..
hombre pocilga
No ratings yet
How To Reverse Engineer
Document4 pages
How To Reverse Engineer
hombre pocilga
No ratings yet
How To Solve The Malwarebytes CrackMe - ..
Document17 pages
How To Solve The Malwarebytes CrackMe - ..
hombre pocilga
No ratings yet
Reverse Engineering An Android Application (APK Hacking)
Document5 pages
Reverse Engineering An Android Application (APK Hacking)
hombre pocilga
No ratings yet
2014 EN AdvancedBootkitTechniquesOnAndroid ChenZhangqiShendi
Document66 pages
2014 EN AdvancedBootkitTechniquesOnAndroid ChenZhangqiShendi
hombre pocilga
No ratings yet
Woot17 Paper Kurmus
Document9 pages
Woot17 Paper Kurmus
hombre pocilga
No ratings yet
Unpacking Find 7 (A) Kernel Zimages For ..
Document2 pages
Unpacking Find 7 (A) Kernel Zimages For ..
hombre pocilga
No ratings yet
Reverse Engineering Android's Aboot
Document5 pages
Reverse Engineering Android's Aboot
hombre pocilga
No ratings yet
New-48v Lifepo4 Battery User Manual
Document19 pages
New-48v Lifepo4 Battery User Manual
hombre pocilga
No ratings yet
JK BMS Bluetooth Manual: Tel/whatsapp:86-13924612941
Document19 pages
JK BMS Bluetooth Manual: Tel/whatsapp:86-13924612941
hombre pocilga
No ratings yet
Visual Binary File Analysis With Python - Cmattoon
Document38 pages
Visual Binary File Analysis With Python - Cmattoon
hombre pocilga
No ratings yet
Permeate Pump 7 14 17
Document12 pages
Permeate Pump 7 14 17
hombre pocilga
No ratings yet
BL8023C Datasheet V1.5
Document6 pages
BL8023C Datasheet V1.5
hombre pocilga
No ratings yet
EVE 160ah LF160 Product Specification
Document12 pages
EVE 160ah LF160 Product Specification
hombre pocilga
No ratings yet