Penetration Testing mailing list archives
pen testing & obfuscated shell code
From: "Don Parker" <dparker () rigelksecurity com>
Date: Fri, 30 Jan 2004 08:44:53 -0500 (EST)
Hello group, have a question to ask which is about using obfuscated shell code during a pen test. Do any of you actually use home cooked obfuscated shell code during a pen test? By that I mean do you replace the known sled of x90 with another 1 byte instruction that won't affect the egg? Outside of some .gov and .mil clients do you even bother offering this level of granularity to your clients?

It is not every client out there, governmental or otherwise, that has application level firewalls working in tandem with an IDS, and even more importantly an analyst who will recognize a possible overflow. With the development of such tools as ADMutate among others this is becoming of genuine concern. I would be most interested in hearing your opinions and/or insights.

Cheers!

-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.249.8340
fax:613.249.8319
--------------------------------------------
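
Seen from the detection side, the point raised in the post can be shown on constructed buffers. The following is an added example, not part of the original message: it compares a signature keyed on runs of 0x90 with a run-length check over an assumed set of one-byte 32-bit x86 opcodes; the opcode set, the threshold and all sample buffers are assumptions made for illustration.

```python
# Added example: constructed data only, no real exploit payload.
NOP = frozenset({0x90})
# Assumed candidate set: one-byte 32-bit x86 opcodes that take no operands.
# Incomplete by design; a real sensor would tune this per protocol.
ONE_BYTE = frozenset(
    [0x90]
    + list(range(0x40, 0x50))               # inc/dec r32 (also ASCII '@'..'O')
    + list(range(0x91, 0x98))               # xchg eax, r32
    + [0x98, 0x99, 0xF5, 0xF8, 0xF9, 0xFC]  # cwde, cdq, cmc, clc, stc, cld
)

def longest_run(data, opcodes):
    """Return (offset, length) of the longest run of bytes drawn from opcodes."""
    best_off, best_len, start = -1, 0, None
    for i, b in enumerate(data):
        if b in opcodes:
            if start is None:
                start = i
            if i - start + 1 > best_len:
                best_off, best_len = start, i - start + 1
        else:
            start = None
    return best_off, best_len

def flag(data, opcodes, threshold=32):
    """True when a run at least `threshold` bytes long is present."""
    return longest_run(data, opcodes)[1] >= threshold

PLACEHOLDER = b"\xcc" * 8  # stands in for the payload; not shellcode
CLASSIC = b"USER " + b"\x90" * 64 + PLACEHOLDER
MIXED = b"USER " + bytes([0x41, 0x97, 0xF8, 0x4A] * 16) + PLACEHOLDER
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
ASCII_PAD = b"USER " + b"A" * 64  # plain text that overlaps the opcode set

def report():
    """Map sample name -> (flagged by 0x90-only, flagged by one-byte set)."""
    samples = {"classic": CLASSIC, "mixed": MIXED,
               "benign": BENIGN, "ascii_pad": ASCII_PAD}
    return {n: (flag(d, NOP), flag(d, ONE_BYTE)) for n, d in samples.items()}

if __name__ == "__main__":
    for name, (sig, heur) in report().items():
        print(f"{name:10} 0x90-only={sig!s:5} one-byte-set={heur}")
```

The `ascii_pad` sample is flagged by the wider check even though it is only repeated text, because uppercase ASCII overlaps the inc/dec opcode range; this is the false-positive cost an analyst has to weigh against the `mixed` sample that the 0x90-only signature misses.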