RE: Obfuscated shellcode

From: Bojan Zdrnja (Bojan.ZdrnjaLSS.hr)
Date: Sun Feb 01 2004 - 16:46:05 CST

> -----Original Message-----
> From: Don Parker [mailto:dparkerrigelksecurity.com]
> Sent: Monday, 2 February 2004 6:39 a.m.
> To: vuln-devsecurityfocus.com
> Subject: Obfuscated shellcode
>
> Quite a few large corporations may get updated signatures relatively
> quickly, but they often do not patch for some time due to baseline
> rollouts. Hence using an obfuscated egg to slip past the IDS. This
> technique is not new, but it is becoming more well known. There are
> some mitigating factors here which could affect this such as
> application layer firewalls and the such. I would however be
> interested in your thoughts on this. I have not seen much discussion
> anywhere on this topic.

Yep, it can be useful when you're trying to send something past IDSes.
I'd suggest you take a look at the Jempi Scodes project, which is a
polymorphic shellcode generator.
You can find more information about Jempi Scodes at
http://www.shellcode.com.ar/en/proyectos.html.

Also, check on the same web page; there are a couple of ready shellcodes
which have an encrypt/decrypt section.

Regards,

Bojan