Dailydave mailing list archives
RE: Check Point Invented (R)(TM) the great sand-boxing and now protects you against "Day0"!
From: "Kyle Quest" <Kyle.Quest () networkengines com>
Date: Wed, 13 Jul 2005 19:06:34 -0400
Ok, now that I'm back from Amsterdam I've been able to find some of the prior art for Checkpoint's "Malicious Code Protector":

"Polymorphic Shellcodes vs. Application IDSs" by NGSec (2002).
"Accurate Buffer Overflow Detection via Abstract Payload Execution" by T. Toth and C. Kruegel (2002).
"Stride: Polymorphic sled detection through instruction sequence analysis" by P. Akritidis, etc.

There's more, but I don't remember when I saved them.

Kyle

P.S. Obviously I don't know how Checkpoint implemented their MCP and their design flaws, but it is possible to have something usable if you do it right. I personally put some time into this idea... and dealing with ascii encoded and polymorphic shellcode is still possible.

-----Original Message-----
From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Tiago Assumpcao
Sent: Wednesday, July 06, 2005 7:15 PM
To: dailydave () lists immunitysec com
Subject: [Dailydave] Check Point Invented (R)(TM) the great sand-boxing and now protects you against "Day0"!

Check Point has just achieved such a great technical advancement: think twice before sending your Evil Machine Code through the network pipe. No more "Day0" :<

It is now Checking forward to getting a Point patented...

Carry on, fellows

-- http://whatever.org.ar/~module/mcp_whitepaper.pdf

--
Tiago Rezende Assumpcao - trap tempest com br
8C64 FDF3 23C1 94CF 61D8 268E C5CD 02CB D748 23BC
Tempest Security Technologies
http://www.tempest.com.br

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave