Dailydave mailing list archives

RE: Check Point Invented (R)(TM) the great sand-boxing and now protects you against "Day0"!


From: "Kyle Quest" <Kyle.Quest () networkengines com>
Date: Wed, 13 Jul 2005 19:06:34 -0400

Ok, now that I'm back from Amsterdam I've been
able to find some of the prior art for Checkpoint's
"Malicious Code Protector":

"Polymorphic Shellcodes vs. Application IDSs"
by NGSec (2002).

"Accurate Buffer Overflow Detection via
Abstract Payload Execution" by 
T. Toth and C. Kruegel (2002)

"Stride: Polymorphic sled detection through
instruction sequence analysis" by
P. Akritidis, etc

There's more, but I don't remember when I saved
them.

Kyle

P.S.

Obviously I don't know how Checkpoint implemented
their MCP and their design flaws, but it is possible
to have something usable if you do it right. I personally
put some time into this idea... and dealing with
ASCII-encoded and polymorphic shellcode is still
possible.


-----Original Message-----
From: dailydave-bounces () lists immunitysec com
[mailto:dailydave-bounces () lists immunitysec com]On Behalf Of Tiago
Assumpcao
Sent: Wednesday, July 06, 2005 7:15 PM
To: dailydave () lists immunitysec com
Subject: [Dailydave] Check Point Invented (R)(TM) the great sand-boxing
and now protects you against "Day0"!


Check Point has just achieved such a great technical advancement: think 
twice before sending your Evil Machine Code through the network pipe. No 
more "Day0" :<

It is now Checking forward to getting a Point patented...

Carry on, fellows -- http://whatever.org.ar/~module/mcp_whitepaper.pdf

-- 
Tiago Rezende Assumpcao  -  trap   tempest com br
8C64 FDF3 23C1 94CF 61D8 268E C5CD 02CB D748 23BC

Tempest Security Technologies
http://www.tempest.com.br


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave