Series
Shellcode lab operations
10 posts in this series. Read them in order or jump to any one.
- Reverse TCP shellcode: the lab checklist I actually use
A practical reverse TCP lab workflow for authorized testing: listener setup, byte checks, and failure modes before you paste shellcode anywhere.
- Null bytes in shellcode still ruin exploits in 2026
Why 0x00 breaks strcpy-style delivery, how nulls sneak into reverse TCP structs, and what to do when your encoder pass lies to you.
- Client-side shellcode generation: a threat model that is not marketing
What stays local in a browser-native shellcode builder, what still leaks, and how to run authorized tests without polluting your ticket trail.
- Encoder pipeline order: why your second pass breaks the first
How stacked encoders change size, decoders, and bad-char profiles, plus a sane order for lab iterations before exploit integration.
- Importing shellcode without corrupting a single byte
Common paste formats, whitespace traps, and how to round-trip external shellcode through a browser builder without silent truncation.
- Linux exec vs reverse TCP: pick the payload that matches the primitive
When to use exec-style shellcode versus reverse TCP in authorized labs, and why the flashy option is often the wrong one.
- Repeatable shellcode runbooks for authorized testing
How to document encoder chains, network parameters, and export formats so retests do not turn into archaeology.
- What the hex viewer tells you before you copy shellcode
Using a hex view to catch alignment issues, obvious bad chars, and length mistakes before shellcode hits an exploit script.
- Bad-character filters: presets are a start, not the contract
How null and alphanumeric presets map to real injection channels, and when you must build a custom bad-char list.
- Leaving msfvenom on the jump box: a browser-native workflow
A migration path from team-server shellcode habits to in-browser generation without losing reproducibility or OPSEC discipline.