SLAE Assignment 4 – Custom Encoder

Assignment: Create a custom encoding scheme like the “Insertion Encoder” we showed you. PoC with using execve-stack as the shellcode to encode with your schema and execute. Approach: So for our 4th assignment we need to create a custom encoder, then a decoder stub in assembly to decrypt the encoded payload and execute our shellcode. For this I will be using a XANAX encoding scheme: XOR, ADD, NOT, ADD, XOR. First we will write an encoder in Python, followed by the decoder in assembly. Encoder: The one small gotcha within the code was the not function which creates a negative...

SLAE Assignment 3 – Egg Hunters

Assignment: Study about the Egg Hunter shellcode; create a working demo of the Egghunter; should be configurable for different payloads. What is an Egg Hunter? An egg hunter is a small piece of code that is used to search memory for an identifying stub and then direct execution flow to the area of memory directly after the identifier (egg). This is typically useful in exploitation scenarios where the available space for shellcode is not big enough to hold a full payload. In this case a small egg hunter shellcode can be used to search memory for a larger shell code...

SLAE Assignment 2 – Reverse Shell – Shell-code

Intro: So assignment two is similar to assignment one, but this time it is a reverse shell. The approach has been exactly the same, e.g. C PoC, assembly, then wrapper program. To be fair the assembly came a bit easier this time and wasn’t far off working on the first attempt, so I’m making progress. C Reverse Shell: First things first is the C proof of concept, which is in fact a touch easier than the bind shell if anything, and should be pretty straightforward to understand. Assembly Reverse Shell: As before this is a direct translation of the C code into assembly. Only...

SLAE Assignment 1 – TCP Bind Shell-code

Intro: So part one of the challenges for the Security Tube Linux Assembly Expert (SLAE) certification: TCP bind shell-code. For more info on the course look here. Given my minimal knowledge of C programming at this point, my intended process for this challenge is to: identify the steps I need to take with the code; write a working C proof of concept for the task; port the C code to assembly language; compile and link to a binary and extract the working shell-code; finally, work out a way of making the port number dynamic for the shell-code. Identify the steps...

e2m3u2bouquet v0.8 final / v0.8.1

v0.8 final: v0.8 Final has been released. New features: when providers bouquet is downloaded (-b or -bd option) it now uses full service references instead of just the epg relevant part, in case it’s used for picon naming; better multi provider handler, e.g. if there is an issue with one provider it won’t stop the script processing others; if vod categories are out of order in the playlist, group together; fix file naming issues with non alphanumeric characters; much faster when using an override file 🙂; don’t retry failed picon downloads; option to add placeholder channel in override file to control...

Live TV streams showing as vod / e2m3u2bouquet 0.7.7

We’ve been made aware that some provider updates have caused the script/plugin to show live streams as vod (which means no epg is listed for them). If you’re using ‘output=ts’ in your m3u url please try ‘output=m3u8’ as a temporary workaround. There’s an updated release (untested) here if anyone is willing to test and give feedback. Update: v0.7.7 has been released which should fix this issue.

EpgImporter / e2m3u2bouquet 0.7.6

We’ve had some reports of issues with epgimport. Initial investigation suggests that a recent epgimport update will stop it from working with any panel’s epg feed. We’ll investigate further, but in the meantime we suggest not updating to the latest epgimport version. Update: This issue is caused by the latest version of epgimport checking for a ‘LastUpdate.log’ file on the server that supplies the xmltv epg feed. If the file doesn’t exist or the date within is older than 2 days then the server is considered invalid and not used. Unfortunately this file is used by Rytec feed servers but not IPTV...