Hopefully the following write-ups and modules will be enough to get you started. I have a lot of family problems right now, as well as legal problems (as I mentioned in my announcements) and academic problems. Once I have time, I will make write-up videos with full documentation on how custom shellcoding for Linux actually works, line by line.


Custom shellcoding is essential for binexp CTF challenges like the ones you will find in the National Cyber League, NahamSec CTFs, etc. Knowing how to write custom shellcode will take you pretty far, especially since the majority of binary exploitation "challenges" are 64-bit Linux ELF files with no socket connectivity like our Windows SLMail 5.5 or LibHTTPd 1.2 challenges; instead, the challenge binaries themselves accept input as an argument from the terminal. Furthermore, being able to put together your own custom shellcode on Linux will certainly help in rooting various production apps once you find a vulnerability in a bug bounty program.
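Because the challenge binaries described above take the payload as a command-line argument, one constraint matters before anything else: the kernel passes each argv entry as a NUL-terminated C string, so a payload containing 0x00 is silently truncated at that byte. The following checker is an added example, not code from this write-up; it decodes the `\x..` form payloads are usually shared in and reports any offsets that would break argv delivery. The two sample payloads and the `COMMON_BAD_BYTES` list are constructed for the example; the bytes of the samples are the x86-64 encodings of `mov rax, 60` (32-bit immediate, carries NULs) and `xor rax, rax; mov al, 60` (no NULs), which is the classic reason custom shellcode is hand-built rather than compiled.

```python
import re

# argv delivery: the kernel copies each argument as a NUL-terminated C
# string, so 0x00 is the one byte that can never survive the trip.
ARGV_BAD_BYTES = frozenset({0x00})

# Constructed default for other delivery paths (an assumption, not a rule
# from the write-up): newline ends fgets()/line-based reads, and space/tab
# split shell words when the payload is typed unquoted on the command line.
COMMON_BAD_BYTES = frozenset({0x00, 0x0A, 0x0D, 0x20, 0x09})

_ESCAPE_RE = re.compile(r"\\x([0-9a-fA-F]{2})")


def decode_escaped(payload: str) -> bytes:
    """Turn the "\\x48\\x31\\xc0" form used in write-ups into raw bytes."""
    pairs = _ESCAPE_RE.findall(payload)
    # Anything left after stripping the escapes means the string was not
    # purely \x.. sequences (stray text, mistyped hex, wrong quoting).
    if _ESCAPE_RE.sub("", payload).strip():
        raise ValueError("payload contains text other than \\x.. escapes")
    return bytes(int(h, 16) for h in pairs)


def find_bad_bytes(code: bytes, bad: frozenset = ARGV_BAD_BYTES) -> list:
    """Return (offset, value) pairs for every byte in the forbidden set."""
    return [(i, b) for i, b in enumerate(code) if b in bad]


def check_argv_payload(payload: str, bad: frozenset = ARGV_BAD_BYTES) -> dict:
    """Decode an escaped payload and report whether argv delivery keeps it intact."""
    code = decode_escaped(payload)
    hits = find_bad_bytes(code, bad)
    return {"length": len(code), "bad": hits, "ok": not hits}


# Constructed samples: the same register load encoded two ways.
MOV_RAX_60 = "\\x48\\xc7\\xc0\\x3c\\x00\\x00\\x00"   # mov rax, 60 -> 32-bit immediate, three NULs
XOR_MOV_AL_60 = "\\x48\\x31\\xc0\\xb0\\x3c"           # xor rax, rax; mov al, 60 -> NUL-free


if __name__ == "__main__":
    for name, sample in (("mov rax, 60", MOV_RAX_60), ("xor rax,rax; mov al, 60", XOR_MOV_AL_60)):
        report = check_argv_payload(sample)
        status = "OK" if report["ok"] else "TRUNCATED at offset %d" % report["bad"][0][0]
        print("%-26s %2d bytes  %s" % (name, report["length"], status))
```

Run it before handing a payload to a challenge binary; a report that is not `ok` tells you exactly which offset the C-string copy would cut at, which is far easier to diagnose here than from a segfault inside the target.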


This exercise is also being used as a test run in a CTF my peers are doing, so I will be evaluating the results and reception of this content from them, as the participants come from multiple Federal Law Enforcement Agencies and branches of the military (including my personal favorite, the United States Colonial Marines, ahem, "The Space Force"). After evaluating the results, I'll take note of what I need to polish for this section.


Windows shellcoding is much harder and is also not compatible across multiple architectures, but it is still doable. It basically interacts with the user-mode functions of the Windows NT kernel; as of right now, both Windows 10 and 11 are NT kernel 10.0. This means that shellcode that works on NT kernel 10.0 may not work on NT 5.1 (Windows XP), NT 6.1 (Windows 7), etc. I will eventually add a Windows custom shellcode section as well.


If you mess around with our favorite payload generator, Metasploit, you'll notice from disassembly and research that the msf framework actually generates cross-platform-compatible Windows shellcode. You'll also find that the 64-bit standard Windows command shell payload is "patched over" from the 32-bit version with a few quick hacks, effectively making a 32-bit payload run within 64-bit environments by using the lower half of the 64-bit registers (your IP address and port are stored in the lower half of the R12 register).