Vulnerability Development mailing list archives

RE: Obfuscated shellcode


From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>
Date: Mon, 2 Feb 2004 11:46:05 +1300

 

-----Original Message-----
From: Don Parker [mailto:dparker () rigelksecurity com] 
Sent: Monday, 2 February 2004 6:39 a.m.
To: vuln-dev () securityfocus com
Subject: Obfuscated shellcode 

Quite a few large corporations may get updated signatures relatively
quickly, but they often do not patch for some time due to baseline
rollouts. Hence using an obfuscated egg to slip past the IDS. This
technique is not new, but it is becoming more well known. There are some
mitigating factors here which could affect this, such as application
layer firewalls and the such. I would however be interested in your
thoughts on this. I have not seen much discussion anywhere on this topic.

Yep, it can be useful when you're trying to send something past IDSes.
I'd suggest you take a look at Jempi Scodes project, which is a polymorphic
shellcode generator.
You can find more information about Jempi Scodes at
http://www.shellcode.com.ar/en/proyectos.html.

Also, check on the same web page; there are a couple of ready shellcodes
which have an encrypt/decrypt section.

Regards,

Bojan

