OWASP ZSC | Akash Trehan


Mozilla Logo

Zeroday Cyber Research Shellcoder by OWASP

Good News! OWASP ZSC got selected for DEFCON 24 Labs and Blackhat London! :D


OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.


OWASP ZSC is open source software written in python which lets you generate customized shellcode and convert scripts to an obfuscated script. This software can be run on Windows/Linux/OSX with python. The project leaders are Ali Razmjoo and Johanna Curiel. You can download this sofware here. The software also has an api you can use in your projects or day to day python scripts.

My Contribution

My fascination with Binary Exploitation led me to this project. After tinkering with it for some time I felt that there were some features I would like this project to have. It was then that I decided to contribute to it. I currently have 4(Update: 14) merged Pull Requests. Some fo them focus on improving the User Interface for this project. Since people do judge a book by its cover, I do pay a lot of attention to improving the user experience for the projects I work on.

The project is in fast developement and as a member of the project, I try to contribute as much to it as time allows. I have been spending some time developing shellcode for 32-bit OS X which is currenly lacking in ZSC. My future plan is to add atlest a couple of OS X shellcodes before the DEFCON Lab. A lot of professionals use a Macintosh(with Linux VMs :P) so having OS X shellcodes would be a good addition to ZSC.(Update: We have implemented the OSX shellcode module. It has been successfully demonstrated at DEFCON as well :D)

An API has also been developed and the next milestone is a web interface for generating shellcodes.

Its a great learning experience for me. This is the first time I have been writing directly in assembly and getting my own shellcodes. I got aquainted with a lot of commands I had never used before and also with methods to optimise shellcode. I always wanted to contribute to security projects so this is all very exciting! :D

For a list of my contributions to this project follow this link. For any queries about the project feel free to comment below. :)

Do check out other projects, my blog or my write-ups for various CTFs.

Follow @CodeMaxx
Knowing your Binary!
Akash Trehan

Akash Trehan


comments powered by Disqus
rss facebook twitter github youtube mail spotify instagram linkedin google pinterest medium