

<feed xmlns="http://www.w3.org/2005/Atom">
  <id>https://blog.entysec.com/</id>
  <title>EntySec Blog</title>
  <subtitle>Latest EntySec security research, news and tutorials.</subtitle>
  <updated>2026-01-10T17:35:01+00:00</updated>
  <author>
    <name>EntySec</name>
    <uri>https://blog.entysec.com/</uri>
  </author>
  <link rel="self" type="application/atom+xml" href="https://blog.entysec.com/feed.xml"/>
  <link rel="alternate" type="text/html" hreflang="en"
    href="https://blog.entysec.com/"/>
  <generator uri="https://jekyllrb.com/" version="4.4.1">Jekyll</generator>
  <rights> © 2026 EntySec </rights>
  <icon>/assets/img/favicons/favicon.ico</icon>
  <logo>/assets/img/favicons/favicon-96x96.png</logo>


  
  <entry>
    <title>Building HatSploit Reverse HTTP Handler</title>
    <link href="https://blog.entysec.com/posts/building-reverse-http-handler/" rel="alternate" type="text/html" title="Building HatSploit Reverse HTTP Handler" />
    <published>2026-01-10T00:00:00+00:00</published>
  
    <updated>2026-01-10T00:00:00+00:00</updated>
  
    <id>https://blog.entysec.com/posts/building-reverse-http-handler/</id>
    <content type="text/html" src="https://blog.entysec.com/posts/building-reverse-http-handler/" />
    <author>
      <name>enty8080</name>
    </author>

  
    
    <category term="Development" />
    
  

  <summary>In offensive security development, communication between a listener (the “C2” or Command &amp; Control) and an implant is the most critical link. While raw TCP shells are common, HTTP is often the preferred choice because it effortlessly blends into legitimate web traffic and bypasses restrictive firewalls. Today, I’m walking through the implementation of a custom Reverse HTTP Handler and Sess...</summary>

  </entry>

  
  <entry>
    <title>Building the "Ghost in Machine" - The Assembly HTTP Reverse Shell</title>
    <link href="https://blog.entysec.com/posts/http-reverse-shell/" rel="alternate" type="text/html" title="Building the &quot;Ghost in Machine&quot; - The Assembly HTTP Reverse Shell" />
    <published>2026-01-05T00:00:00+00:00</published>
  
    <updated>2026-01-10T17:33:45+00:00</updated>
  
    <id>https://blog.entysec.com/posts/http-reverse-shell/</id>
    <content type="text/html" src="https://blog.entysec.com/posts/http-reverse-shell/" />
    <author>
      <name>enty8080</name>
    </author>

  
    
    <category term="Payloads" />
    
  

  <summary>In the world of offensive security, the “Reverse Shell” is often considered the ultimate primitive. It represents the moment where abstract exploitation becomes tangible control. Traditionally, reverse shells are written in Python, Bash, or C — languages that offer convenience, portability, and rapid development. However, those same conveniences come at a cost: predictability.  To truly evade m...</summary>

  </entry>

  
  <entry>
    <title>Baking Perfect Shellcode - Recipe for Real Hackers</title>
    <link href="https://blog.entysec.com/posts/baking-shellcodes/" rel="alternate" type="text/html" title="Baking Perfect Shellcode - Recipe for Real Hackers" />
    <published>2026-01-05T00:00:00+00:00</published>
  
    <updated>2026-01-07T00:42:12+00:00</updated>
  
    <id>https://blog.entysec.com/posts/baking-shellcodes/</id>
    <content type="text/html" src="https://blog.entysec.com/posts/baking-shellcodes/" />
    <author>
      <name>enty8080</name>
    </author>

  
    
    <category term="Payloads" />
    
  

  <summary>“Most developers spend their careers building things up. We’re here to break them down — with style. Writing shellcode is the culinary art of exploitation: it requires precision, the removal of impurities, and the ability to work in a kitchen that wasn’t built for you. In this guide, we’re ditching the store-bought libraries and baking a raw, null-free payload from scratch. Grab your apron and ...</summary>

  </entry>

  
  <entry>
    <title>iOS Modern Malware Persistence</title>
    <link href="https://blog.entysec.com/posts/ios-malware-persistence/" rel="alternate" type="text/html" title="iOS Modern Malware Persistence" />
    <published>2024-01-03T00:00:00+00:00</published>
  
    <updated>2024-12-03T00:52:37+00:00</updated>
  
    <id>https://blog.entysec.com/posts/ios-malware-persistence/</id>
    <content type="text/html" src="https://blog.entysec.com/posts/ios-malware-persistence/" />
    <author>
      <name>enty8080</name>
    </author>

  
    
    <category term="Post-Exploitation" />
    
  

  <summary>Since the development of the SeaShell iOS post-exploitation framework started, I was thinking about persistence techniques that can be applicable to non-jailbroken (or jailbroken but rootless) iOS systems. So, after a few days of brainstorming I came up with a few ideas that can be used and that I have al...</summary>

  </entry>

  
  <entry>
    <title>SeaShell - iOS 16/17 Remote Access</title>
    <link href="https://blog.entysec.com/posts/seashell-ios-malware/" rel="alternate" type="text/html" title="SeaShell - iOS 16/17 Remote Access" />
    <published>2023-12-31T00:00:00+00:00</published>
  
    <updated>2026-01-10T17:33:29+00:00</updated>
  
    <id>https://blog.entysec.com/posts/seashell-ios-malware/</id>
    <content type="text/html" src="https://blog.entysec.com/posts/seashell-ios-malware/" />
    <author>
      <name>enty8080</name>
    </author>

  
    
    <category term="Post-Exploitation" />
    
  

  <summary>iPhones have a reputation for robust security, largely thanks to the extensive hardware security features they incorporate. As one of the world’s most widely-used and secure mobile operating systems, iOS consistently attracts the attention of hackers. A notable example of this is the sophisticated ‘Operation Triangulation’ attack discovered by Kaspersky. With each new version, App...</summary>

  </entry>

</feed>


