|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Lance Spitzner (lance
SPITZNER.NET)Date: Tue Apr 03 2001 - 10:10:07 CDT
On Tue, 3 Apr 2001, Vitaly Osipov wrote:
> I've seen some news stories like
> http://www.zdnet.co.uk/news/2001/13/ns-22021.html today - saying somebody
> called K2 from ADCrew presented on CanSecWest a program for IDS evasion (as
> far as I understand, though the descriptions are very vague). Has somebody
> been there and can shed a light on this? is really so c00l as news says or
> is it just another fragrouter? :)
CanSecWest was a security conference held last week in Vancouver
(www.dursec.com). Definitely one of the most fun I have been to :)
K2 used this opportunity to release ADMmutate, a new program he has developed.
This program is truly unique in that it create polymorphic shellcode. It
takes an existing exploit and randomly modifies the shellcode when it hits
the wire. For example, many Intel based exploits use predetermined characters
within the shellcode, such as 0x90. These signatures are modifed by ADMmutate,
thus preventing detection by many NIDS.
I'm sure many more qualified then me can give a better technical explanation.
You can find K2 and his works at
hope that helps
lance
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]