RE: Obfuscated shellcode

From: Bojan Zdrnja (Bojan.Zdrnja_at_LSS.hr)
Date: 02/01/04

  • Next message: Don Parker: "Re: Obfuscated shellcode"
    To: "'Don Parker'" <dparker@rigelksecurity.com>, <vuln-dev@securityfocus.com>
    Date: Mon, 2 Feb 2004 11:46:05 +1300
    
    

     

    > -----Original Message-----
    > From: Don Parker [mailto:dparker@rigelksecurity.com]
    > Sent: Monday, 2 February 2004 6:39 a.m.
    > To: vuln-dev@securityfocus.com
    > Subject: Obfuscated shellcode
    >
    > Quite a few large corporations may get updated signatures relatively quickly but they
    > often do not patch for some time due to baseline rollouts. Hence using an obfuscated egg
    > to slip past the IDS. This technique is not new, but it is becoming more well known.
    > There are some mitigating factors here which could affect this such as application layer
    > firewalls and the such. I would however be interested in your thoughts on this. I have
    > not seen much discussion anywhere on this topic.

    Yep, it can be useful when you're trying to send something past IDSes.
    I'd suggest you take a look at the Jempi Scodes project, which is a polymorphic
    shellcode generator.
    You can find more information about Jempi Scodes at
    http://www.shellcode.com.ar/en/proyectos.html.

    Also, check on the same web page; there are a couple of ready shellcodes which
    have an encrypt/decrypt section.

    Regards,

    Bojan

