th3s1nn3r, Security Researcher. A guy with transverse infosec skills, with zero interest in web app pentesting.

Corelan's QuickZip write-up

This is my first write-up dealing with binary exploitation, covering a BOF SEH-based vulnerability that is about a decade old.

DoublePulsar Free Service

Why does this service matter?

The Advanced Equation Group's toolset leaked by Shadow Brokers is being used more and more by street-level cybercriminals, as was reported by this Trend Micro blog post earlier this month. But taking a close look at the rudimentary, unsophisticated way they have used the toolset (see image below), it makes no…

Plug-and-Play Usermode DoublePulsar Implant!

Not long ago, while doing malware research for a company as an independent security researcher, I had to find an effective and compact in-memory DLL injection method that would render the piece of code I was tasked to create fully modular. Stealth was another desired feature. I didn't have the time, nor the knowledge, to make one as effective as I wanted it to be from the ground up (lots of issues to deal with: different Windows OS versions, OS architecture, compactness at assembly level, …), so I had to search for an existing one. The DoublePulsar implant, part of the Shadow Brokers' leak, was the newest of them all, made by NSA gurus, and had had success in the famous WannaCry attack.

Setting Up Security Onion

This post is going to be about setting up a complete installation and configuration of the open-source Security Onion Linux distribution. We'll start with a simple lab containing SO and Kali virtual machines running on VirtualBox, and our host. So, let's get started!!

Transport Layer Security (TLS/SSL)

[Warning: Unfinished post]

© 2016 - 2021 hehinfosec - Infosec Blog.