I have developed a fast emulator for modern shellcodes, that perform huge loops of millions of instructions emulated for resolving API or for other stuff.
The emulator is in Rust and all the few dependencies as well, so the rust safety is good for emulating malware.
There are shellcodes that can be emulated from the beginning to the end, but when this is not possible the tool has many features that can be used like a console, a memory tracing, register tracing, and so on.
https://github.com/sha0coder/scemu
In less than two seconds we have emulated 7 millions of instructions arriving to the recv.
At this point we have some IOC like the ip:port where it's connecting and other details.
Lets see what happens after the recv() spawning a console at position: 7,012,204
target/release/scemu -f shellcodes/shikata.bin -vv -c 7012204
The "ret" instruction is going to jump to the buffer read with recv() so is a kind of stager.
The option "-e" or "--endpoint" is not ready for now, but it will allow to proxy the calls to get the next stage automatically, but for now we have the details to get the stage.
SCEMU also identify all the Linux syscalls for 32bits shellcodes:
The encoder used in shellgen is also supported https://github.com/MarioVilas/shellgen
Let's check with cobalt-strike:
In verbose mode we could do several greps to see the calls and correlate with ghidra/ida/radare or for example grep the branches to study the emulation flow.
target/release/scemu -f shellcodes/rshell_sgn.bin -vv | grep j
target/release/scemu -f shellcodes/rshell_sgn.bin -vv -c 44000 -l
Related articles
- Tools 4 Hack
- Hacking Tools For Mac
- How To Make Hacking Tools
- Hacker Tools
- Nsa Hack Tools
- Pentest Tools Url Fuzzer
- New Hacker Tools
- Pentest Tools Windows
- Hack And Tools
- Hacking Tools Windows 10
- Github Hacking Tools
- Hacking Tools For Kali Linux
- Hacker Tools Free Download
- Kik Hack Tools
- Hacker Tools Mac
- Hacker Tools 2019
- Best Pentesting Tools 2018
- Hacker Tools Apk
- Hack Website Online Tool
- Hak5 Tools
- Hacks And Tools
- Nsa Hack Tools Download
- Hacking Tools Download
- Hack And Tools
- Hacker
- Pentest Tools
- Easy Hack Tools
- Hacking Apps
- Pentest Tools For Android
- Hack And Tools
- Hacker Tools Online
- Hacking Tools Hardware
- Blackhat Hacker Tools
- Pentest Tools Find Subdomains
- Hacking Tools 2020
- Hacker Tools Hardware
- Top Pentest Tools
- How To Install Pentest Tools In Ubuntu
- Hack Tools Github
- Hack Tools For Mac
- Hacking Tools Windows
- Hacking Tools For Pc
- Hacker Tool Kit
- Pentest Automation Tools
- Hacker Tools Mac
- Install Pentest Tools Ubuntu
- Hacking Tools Download
- Hack Tool Apk
- Hacker Tools Hardware
- Hack Tools
- Pentest Tools Open Source
- Pentest Tools Open Source
- Hack Tool Apk No Root
- Hacking App
- Hack Apps
- Hacker Tools For Mac
- Hacking Tools 2020
- Hacker Tools Windows
- Hacking Tools Mac
- Pentest Tools Website
- Hacking Tools For Mac
- Blackhat Hacker Tools
- Pentest Tools Website
- Hacking Tools For Windows 7
- Github Hacking Tools
- Hack Tool Apk
- Hack Tools 2019
- Hacking Tools
- Hacker Tools Linux
- Best Hacking Tools 2020
- Physical Pentest Tools
- Hack Rom Tools
- Hack Tools Online
- Easy Hack Tools
- Hackrf Tools
- What Are Hacking Tools
- Hacking App
- Hacking Tools Pc
- Hacking Tools Free Download
- What Are Hacking Tools
- Hacker Tools Github
- Hacker Techniques Tools And Incident Handling
- Hackrf Tools
- Hacker Tools For Mac
- Pentest Tools For Windows
- Android Hack Tools Github
- Pentest Tools Port Scanner
- Hacks And Tools
- Hack Tools
- Hack Tool Apk No Root
- Pentest Tools Download
- Physical Pentest Tools
- Hacking Tools Name
- Pentest Tools Tcp Port Scanner
- Hack Tool Apk
- Hacker Tools Mac
- How To Make Hacking Tools
- Hacker Tools Github
- Hacker Tools Mac
- Hacker Tools Software
- Pentest Tools Subdomain
- Hacker Search Tools
- Hacker Techniques Tools And Incident Handling
- Hackrf Tools
- New Hack Tools
- Hack App
- Pentest Tools Open Source
- Hacking Tools Github
- Black Hat Hacker Tools
- Hack Rom Tools
- Hacking Tools Download
No comments:
Post a Comment