Vulnerability Development mailing list archives
Re: [NGSEC] Whitepaper Released: Polymorphic shellcodes vs. ApplicationIDSs
From: "Robert Flicker" <robert_flicker () hotmail com>
Date: Sat, 26 Jan 2002 09:55:37 +0000
Hi Charles: Have you tested the source code that comes with the paper?
http://www.ngsec.com/downloads/misc/NIDSfindshellcode.tgz
As far as I know, it is the first public code that does this stuff. It may not be hot news, but I think it is worth the download, and it is a better solution for current IDS than your exoteric thoughts with Neuronal Networks and distributed signature checking... IMHO unimplementable in current IDS technologies.
Quoting from www.snort.org: "Paper: Polymorphicisms be gone ... His ideas revolve around counting multiple NOP type operations in a row and alerting when a threshold is reached. The idea has been kicked around for a while, but this is the first one that I have seen in actual implementation. ..."
The current snort branch and its technique to detect shellcode is very easily foolable ;P... NIDSfindshellcode is also foolable, but in a harder way.
Robert Flicker
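The run-counting idea in the snort.org quote above, as an added example that is not part of the original post and is not the NIDSfindshellcode source. The opcode set, the function names, the thresholds and the three sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* One-byte 32-bit x86 opcodes treated as NOP-equivalent. This set is an
 * assumption made for the example, not the list NIDSfindshellcode uses. */
static int is_nop_like(unsigned char b)
{
    if (b >= 0x40 && b <= 0x4f) return 1;  /* inc/dec reg32 */
    if (b >= 0x90 && b <= 0x99) return 1;  /* nop, xchg eax,reg32, cwde, cdq */
    /* lahf, cmc, clc, stc, cld */
    return b == 0x9f || b == 0xf5 || b == 0xf8 || b == 0xf9 || b == 0xfc;
}

/* Longest run of consecutive matching bytes. literal_only != 0 counts only
 * 0x90 (the fixed-signature view); 0 counts every NOP-like opcode. */
size_t longest_run(const unsigned char *buf, size_t len, int literal_only)
{
    size_t best = 0, cur = 0;
    for (size_t i = 0; i < len; i++) {
        int hit = literal_only ? (buf[i] == 0x90) : is_nop_like(buf[i]);
        cur = hit ? cur + 1 : 0;
        if (cur > best) best = cur;
    }
    return best;
}

/* Alert when the longest NOP-like run reaches the threshold. */
int sled_alert(const unsigned char *buf, size_t len, size_t threshold)
{
    return longest_run(buf, len, 0) >= threshold;
}

/* Constructed samples, not captured traffic. */
const unsigned char mixed_pad[] = { 0x78, 0x3d,          /* "x=" prefix */
    0x90, 0x41, 0x99, 0x4b, 0xf8, 0x92, 0x90, 0x43,      /* 16 mixed */
    0xfc, 0x97, 0x48, 0xf9, 0x90, 0x9f, 0x42, 0x98, 0x00 };
const unsigned char request[] =
    "GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n";
const unsigned char upper[] = "COOKIE: ABCDEFGHIJKLMNO"; /* 'A'-'O' = 0x41-0x4f */

int main(void)
{
    printf("mixed_pad: 0x90 run=%zu, nop-like run=%zu\n",
           longest_run(mixed_pad, sizeof mixed_pad, 1),
           longest_run(mixed_pad, sizeof mixed_pad, 0));
    printf("request alert@16=%d, upper alert@16=%d, upper alert@8=%d\n",
           sled_alert(request, sizeof request - 1, 16),
           sled_alert(upper, sizeof upper - 1, 16),
           sled_alert(upper, sizeof upper - 1, 8));
    return 0;
}
```

Because 'A' through 'O' share byte values with the one-byte inc/dec opcodes, uppercase text produces NOP-like runs of its own, so the threshold trades false positives on plain ASCII against shorter padding that slips under it.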