Full Disclosure mailing list archives
Re: On Polymorphic Evasion
From: Ali Campbell <fdisclosure () alicampbell org uk>
Date: Sat, 02 Oct 2004 19:49:19 +0100
Does the fixed-length nature of RISC instructions make detecting a shellcode on a platform such as PPC via IDS easier ? Or does the larger availability of pseudo-NOP instructions on these platforms (owing chiefly to more combinations of registers being available) in fact make it harder ?
I wrote some shellcode for OS X once, basically as an exercise, and I caught myself wondering about this.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- On Polymorphic Evasion Phantasmal Phantasmagoria (Oct 01)
- Re: On Polymorphic Evasion zero (Oct 02)
- Re: On Polymorphic Evasion Ali Campbell (Oct 02)
- Re: On Polymorphic Evasion Andrew Farmer (Oct 02)
- Re: On Polymorphic Evasion Ali Campbell (Oct 02)
- Re: On Polymorphic Evasion Vlad902 (Oct 02)
- <Possible follow-ups>
- Re: On Polymorphic Evasion PERFECT. MATERIAL (Oct 01)
- Re: Re: On Polymorphic Evasion xbud (Oct 01)
- Re: Re: On Polymorphic Evasion PERFECT.MATERIAL (Oct 01)
- Re: Re: On Polymorphic Evasion xbud (Oct 01)
- Re: Re: On Polymorphic Evasion r00t3d (Oct 02)
- Re: Re: On Polymorphic Evasion James Tucker (Oct 02)
- Re: On Polymorphic Evasion zero (Oct 02)