Dailydave mailing list archives
English Shellcode
From: dave <dave () immunityinc com>
Date: Tue, 24 Nov 2009 10:37:27 -0500
This hit Slashdot recently, and it's interesting.
http://www.cs.jhu.edu/~sam/ccs243-mason.pdf

One thing people always try to avoid mentioning in papers about shellcode is size. But in this case, they say that an exit(0) Linux shellcode is going to be 2K or so, which is good to know. There's the obligatory "our shellcode is too powerful to include a complete example of!" which is pretty funny.

Developing these sorts of techniques to defeat an IDS is a bit overkill. Or perhaps as Spike would say "I think it's just enough kill." :>

x86 is such an expressive language - you can do all sorts of great tricks in it. In the Java exploit Sean pumped out recently for CANVAS Early Updates he had to write a Java-UTF-8 nibble encoder/decoder. You get a list of byte sequences you can use and you chew down it until you get a working decoder. In the meantime, every five minutes people come up behind you and ask you if it's done yet.

-dave