Vulnerability Development mailing list archives
RE: Obfuscated shellcode
From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>
Date: Mon, 2 Feb 2004 11:46:05 +1300
-----Original Message-----
From: Don Parker [mailto:dparker () rigelksecurity com]
Sent: Monday, 2 February 2004 6:39 a.m.
To: vuln-dev () securityfocus com
Subject: Obfuscated shellcode

Quite a few large corporations may get updated signatures relatively quickly, but they often do not patch for some time due to baseline rollouts. Hence using an obfuscated egg to slip past the IDS. This technique is not new, but it is becoming more well known. There are some mitigating factors here which could affect this such as application layer firewalls and the such. I would however be interested in your thoughts on this. I have not seen much discussion anywhere on this topic.

Yep, it can be useful when you're trying to send something past IDSes. I'd suggest you take a look at Jempi Scodes project, which is a polymorphic shellcode generator. You can find more information about Jempi Scodes at http://www.shellcode.com.ar/en/proyectos.html. Also, check on the same web page, there are a couple of ready shellcodes which have an encrypt/decrypt section.

Regards,
Bojan