Development of a shellcode generator for cybersecurity education and training

Abstract

As the importance of cybersecurity education continues to grow in our increasingly digital world, mastering its intricacies can often prove daunting, especially for beginners. The so-called shellcodes, malicious codes that are inserted into the memory of other programs and take control of them, are one of the least known dangers for the educational community, partly because understanding them requires mastering, among other subjects, how computer memory works, as well as possessing assembly-level programming skills. This work presents an innovative software application designed specifically to simplify the process of shellcode generation, a fundamental task in the field of computer security. Our tool stands out for its educational approach, providing access to students of all levels, even those with no prior experience in assembly language. Compatible with a wide range of architectures, this application removes the barrier of having to write assembly or machine code, offering instead an intuitive and user-friendly interface. One of the key features of our application is its use of Linux system calls as the basis for code generation. This choice not only ensures greater portability across different platforms and architectures but also allows students to understand the fundamentals of operating systems and their role in executing low-level programs. In addition to providing a practical solution for shellcode generation, our work aims to enhance technical understanding of computer security more broadly. By simplifying the shellcode generation process, we hope to encourage active participation from students, especially those who may feel intimidated by the complexity of low-level programming. By making shellcode generation more accessible, we believe our application can open new doors in the learning of computer security and foster greater engagement in this constantly evolving field.