From: Bill Marquette (wlmarqueHEWITT.COM)
Date: Tue Apr 03 2001 - 10:27:55 CDT


    K2 did present ADMmutate...and yes, it is very cool (and a little frightening).
    The basic premise behind it (I'll let K2 explain more if he's watching this
    list) is that he uses virus-like features to obfuscate the shellcode. ADMmutate
    can be used on any existing shell code (any current exploit) and will encrypt
    the shell code with a polymorphic decrypter. I would expect that the code will
    be available for public release soon, you might even try K2's website
    http://www.ktwo.ca. As the article mentions, it isn't "easy" to modify a
    current exploit to use this; the point-and-click script kiddie will have to wait
    until someone does it for them. The slightly above average skript kiddie won't
    have that hard of a time modifying exploit code to use ADMmutate though.

    --Bill

    From: Vitaly Osipov <vosipovWOLFEGROUP.COM> on 04/03/2001 09:15 AM

    Please respond to Vitaly Osipov <vosipovWOLFEGROUP.COM>

    To: FOCUS-IDSSECURITYFOCUS.COM
    cc:
    Client:
    Subject: CanSecWest and ADMutate

    I've seen some news stories like
    http://www.zdnet.co.uk/news/2001/13/ns-22021.html today - saying somebody
    called K2 from ADCrew presented at CanSecWest a program for IDS evasion (as
    far as I understand, though the descriptions are very vague). Has somebody
    been there and can shed light on this? Is it really as c00l as the news says or
    is it just another fragrouter? :)

    regards,
    W.