Obfuscated shellcode

From: Don Parker (dparkerrigelksecurity.com)
Date: Sun Feb 01 2004 - 11:38:32 CST


Hello all, do any of you bother using obfuscated eggs during a pentest? I ask here for I
got no responses elsewhere. Though changing the well-known x90 sled to some other 1 byte
function that won't affect the egg won't work against a patched service, it will, however,
elude an IDS signature.
 
Quite a few large corporations may get updated signatures relatively quickly, but they
often do not patch for some time due to baseline rollouts. Hence using an obfuscated egg
to slip past the IDS. This technique is not new, but it is becoming more well known.
There are some mitigating factors here which could affect this such as application layer
firewalls and the such. I would however be interested in your thoughts on this. I have
not seen much discussion anywhere on this topic.
 
Cheers!
Don
 
-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.249.8340
fax:613.249.8319
--------------------------------------------
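
The signature gap raised in the message above, as an added example that is not part of the original post: a literal 0x90-run match next to a heuristic that counts runs of any one-byte padding-like x86 instruction. The opcode set, the 32-byte threshold, the function names and all sample payloads are assumptions constructed for illustration.

```python
# One-byte 32-bit x86 instructions that touch no memory and do not fault,
# so a long run of them behaves like padding. Example set, not exhaustive.
ONE_BYTE_PADDING = frozenset(
    [0x90]                            # nop
    + list(range(0x40, 0x50))         # inc/dec r32
    + list(range(0x91, 0x98))         # xchg eax, r32
    + [0x98, 0x99]                    # cwde, cdq
    + [0xF5, 0xF8, 0xF9, 0xFC]        # cmc, clc, stc, cld
    + [0x27, 0x2F, 0x37, 0x3F, 0x9F]  # daa, das, aaa, aas, lahf
)
MIN_SLED = 32  # assumed alert threshold in bytes


def longest_run(payload, allowed=ONE_BYTE_PADDING):
    """Return (length, offset) of the longest run of bytes drawn from `allowed`."""
    best_len = best_off = run_len = 0
    for i, b in enumerate(payload):
        if b in allowed:
            run_len += 1
            if run_len > best_len:
                best_len, best_off = run_len, i - run_len + 1
        else:
            run_len = 0
    return best_len, best_off


def literal_nop_signature(payload, min_len=MIN_SLED):
    """Classic signature: a run of the literal byte 0x90."""
    return b"\x90" * min_len in payload


def sled_heuristic(payload, min_len=MIN_SLED):
    """Opcode-class heuristic: any sufficiently long run of padding-like bytes."""
    return longest_run(payload)[0] >= min_len


# Constructed sample inputs. 0xCC (int3) stands in for the payload body.
CLASSIC = b"USER " + b"\x90" * 64 + b"\xcc" * 8
OBFUSCATED = b"USER " + bytes([0x41, 0x49, 0x98, 0xF8]) * 16 + b"\xcc" * 8
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

if __name__ == "__main__":
    for name, data in (("classic", CLASSIC), ("obfuscated", OBFUSCATED),
                       ("benign", BENIGN)):
        print(name, "literal:", literal_nop_signature(data),
              "heuristic:", sled_heuristic(data), "run:", longest_run(data))
```

Because 0x40-0x4F are also the ASCII characters '@' and 'A'-'O', a long run of uppercase text trips this heuristic, so it needs protocol context or a per-service threshold before it drives alerts.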