Full Disclosure mailing list archives
shellcode encoders & IDS
From: ned <nd () felinemenace org>
Date: Fri, 3 Oct 2003 19:02:40 -0700 (PDT)
hi list,

i was thinking that to protect ourselves from unknown attacks, there must be a way to detect things such as shellcode decoders in payloads. after a bit of research, i have compiled this small list of publicly available encoder/decoder systems in the hope that snort or another IDS project would build rules for them.

The following list is the app the encoder is featured in, the author and the type.

shellforge.py: Philippe Biondi - Xor and Alpha Numeric
http://www.cartel-securite.fr/pbiondi/projects/shellforge.html

Pex.pm: HDM & HSJ - Xor
http://www.metasploit.com/projects.html

CANVAS: dave aitel - Additive and Unicode
(not publicly available but recently leaked)

Hellkit: stealth - Xor
www.team-teso.net

rix - AlphaNumeric
http://www.phrack.org/phrack/57/p57-0x0f

and i'm sure there are plenty more. If anyone knows of any other public encoder/decoder systems, send them to me so i can complete an exhaustive list and so that once again, mutant payloads will be detected.

- nd

--
http://felinemenace.org/~nd

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html