shellcodes — Blog

shellcodes — Blog https://www.shellcodes.app/en/blog Latest from Blog en Thu, 04 Jun 2026 23:36:37 GMT Leaving msfvenom on the jump box: a browser-native workflow https://www.shellcodes.app/en/blog/browser-native-shellcode-vs-msfvenom-workflow https://www.shellcodes.app/en/blog/browser-native-shellcode-vs-msfvenom-workflow A migration path from team-server shellcode habits to in-browser generation without losing reproducibility or OPSEC discipline. shellcodes Tue, 12 May 2026 00:00:00 GMT Bad-character filters: presets are a start, not the contract https://www.shellcodes.app/en/blog/bad-character-filters-presets-vs-custom https://www.shellcodes.app/en/blog/bad-character-filters-presets-vs-custom How null and alphanumeric presets map to real injection channels, and when you must build a custom bad-char list. shellcodes Tue, 28 Apr 2026 00:00:00 GMT What the hex viewer tells you before you copy shellcode https://www.shellcodes.app/en/blog/hex-viewer-shellcode-review-before-copy https://www.shellcodes.app/en/blog/hex-viewer-shellcode-review-before-copy Using a hex view to catch alignment issues, obvious bad chars, and length mistakes before shellcode hits an exploit script. shellcodes Tue, 14 Apr 2026 00:00:00 GMT Repeatable shellcode runbooks for authorized testing https://www.shellcodes.app/en/blog/repeatable-shellcode-runbooks-authorized-testing https://www.shellcodes.app/en/blog/repeatable-shellcode-runbooks-authorized-testing How to document encoder chains, network parameters, and export formats so retests do not turn into archaeology. shellcodes Wed, 01 Apr 2026 00:00:00 GMT Linux exec vs reverse TCP: pick the payload that matches the primitive https://www.shellcodes.app/en/blog/linux-exec-vs-reverse-tcp-payloads https://www.shellcodes.app/en/blog/linux-exec-vs-reverse-tcp-payloads When to use exec-style shellcode versus reverse TCP in authorized labs, and why the flashy option is often the wrong one. shellcodes Wed, 18 Mar 2026 00:00:00 GMT Importing shellcode without corrupting a single byte https://www.shellcodes.app/en/blog/import-shellcode-without-corrupting-bytes https://www.shellcodes.app/en/blog/import-shellcode-without-corrupting-bytes Common paste formats, whitespace traps, and how to round-trip external shellcode through a browser builder without silent truncation. shellcodes Thu, 05 Mar 2026 00:00:00 GMT Encoder pipeline order: why your second pass breaks the first https://www.shellcodes.app/en/blog/shellcode-encoder-pipeline-order https://www.shellcodes.app/en/blog/shellcode-encoder-pipeline-order How stacked encoders change size, decoders, and bad-char profiles, plus a sane order for lab iterations before exploit integration. shellcodes Sun, 22 Feb 2026 00:00:00 GMT Client-side shellcode generation: a threat model that is not marketing https://www.shellcodes.app/en/blog/client-side-shellcode-generation-threat-model https://www.shellcodes.app/en/blog/client-side-shellcode-generation-threat-model What stays local in a browser-native shellcode builder, what still leaks, and how to run authorized tests without polluting your ticket trail. shellcodes Tue, 10 Feb 2026 00:00:00 GMT Null bytes in shellcode still ruin exploits in 2026 https://www.shellcodes.app/en/blog/null-bytes-shellcode-exploit-constraints https://www.shellcodes.app/en/blog/null-bytes-shellcode-exploit-constraints Why 0x00 breaks strcpy-style delivery, how nulls sneak into reverse TCP structs, and what to do when your encoder pass lies to you. shellcodes Wed, 28 Jan 2026 00:00:00 GMT Reverse TCP shellcode: the lab checklist I actually use https://www.shellcodes.app/en/blog/reverse-tcp-shellcode-lab-checklist https://www.shellcodes.app/en/blog/reverse-tcp-shellcode-lab-checklist A practical reverse TCP lab workflow for authorized testing: listener setup, byte checks, and failure modes before you paste shellcode anywhere. shellcodes Thu, 15 Jan 2026 00:00:00 GMT