Dailydave mailing list archives

English Shellcode


From: dave <dave () immunityinc com>
Date: Tue, 24 Nov 2009 10:37:27 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This hit Slashdot recently, and it's interesting.

http://www.cs.jhu.edu/~sam/ccs243-mason.pdf

One thing people always try to avoid mentioning in papers about
shellcode is size. But in this case, they say that an exit(0) Linux
shellcode is going to be 2K or so which is good to know. There's the
obligatory "our shellcode is too powerful to include a complete example
of!" which is pretty funny. Developing these sorts of techniques to
defeat an IDS is a bit overkill. Or perhaps as Spike would say "I think
it's just enough kill." :>

x86 is such an expressive language - you can do all sorts of great
tricks in it. In the Java exploit Sean pumped out recently for CANVAS
Early Updates he had to write a Java-UTF-8 nibble encoder/decoder. You
get a list of byte sequences you can use and you chew down it until you
get a working decoder. In the meantime, every five minutes people come
up behind you and ask you if it's done yet.

- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAksL/bYACgkQtehAhL0gheqO5gCeMm/u1BqDnq2Ze6f7pnMC3d8g
sd8An37Y3IHrpaJmZIwD6wuPuinGyMFj
=gxS1
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave