A few weeks ago I was preparing to start OffSec’s Cracking the Perimeter pentesting course. Certain pre-requisite knowledge is expected (goodness knows the registration process is unusually involved) and many bloggers suggested that it’s worth getting up to speed on assembly language in advance.
Based on a few recommendations I wound up completing the SLAE32 short course and certification. Here we come to my biggest criticism: the name. It stands for SecurityTube Linux Assembly Expert. It taught me how to do lots of useful things but being an expert on linux assembly is not one of them. If I put it on my CV I’d be nervous about failing interview questions about basic details.
I do think the course is a good size—I now have everything I need to keep playing around on my own. It’s a few years old now. I ignored the instructions about setting up an environment and just grabbed the latest 32-bit Kali Linux. Everything worked fine.
The video content is split into two parts. The first teaches the basics of how CPUs and memory work, the registers, moving data around, flow control, arithmetic operations, and how to make Linux syscalls using
int 0x80. Practical steps for assembling, disassembling, testing and debugging are discussed in detail, which I found really useful. There’s also an attached
gdb tutorial series.
The second part is all about shellcode. Topics include locating data at known addresses via various techniques, avoiding nulls, spawning
/bin/sh, encoding shellcode to hide it from AV, polymorphism, and encryption.
The SLAE certification assignments take the form of blog posts. This is quite obviously a clever SEO trick on SecurityTube’s part but I went along with it (and here I am talking about it some more). The assignments extended the topics from the second half of the course into building full bind/reverse shells, egghunters, analysing and modifying third party shellcode, and coming up with new encoding/cryptographic evasion methods.
- Shows how to build and debug shellcode including all commands.
- Explanations are clear and demonstrated inside gdb, including useful tricks like
- Covers just enough to work out what unknown unobfuscated shellcode does.
- Slow-paced if you’ve dabbled in asm or shellcode before. Not bad at 150% speed.
- Minimal discussion of calling conventions or any compiler-generated code.
- No discussion of 64-bit because that’s a separate course (SLAE64).
Since then I’ve begun CTP and I have no regrets. Some of the SLAE work such as egghunters translates directly across. I’ve had no difficulty following other assembly in the CTP material. All the debugging takes place in OllyDbg instead of
gdb but to me that’s easier anyway.
TLDR: Good value course for shellcoding or CTP specifically but not especially deep.