Nick Harbour's PE-Scrambler

[cybereagle at gmail.com (Matt Hillman)]

PE-Scrambler does a lot more than just play with the PE header. I did a
little writeup of its features based on attending his defcon presentation
which you can find at the bottom of
http://labs.mwrinfosecurity.com/notices.php

Its not totally realiable as it doesnt create a working exe every time, but
it has some pretty fun tricks up its sleave.

2009/2/10 Adrian Crenshaw <irongeek at irongeek.com>

> Honestly, I'm not sure which is the better packer to test with. Ed Skoudis
> just mentioned PE-Scrambler in a class I'm in and that Nick won some contest
> at DefCon with it.
>
> Adrian
>
> 2009/2/10 xgermx <xgermx at gmail.com>
>
> Not trying to thread jack, but is there a reason why using a tool like
> > PE-Scrambler is better than manually changing PE information with a tool
> > like PE Stud?
> >
> > 2009/2/10 Adrian Crenshaw <irongeek at irongeek.com>
> >
> > > Rnicrosoft.com seems to be down, anyone know a trusted source for
> > > PE-Scrambler? I know Paul/Larry did some work on it awhile back.
> > >
> > > Thanks,
> > > Adrian
> > >
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom at mail.pauldotcom.com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> >
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090211/21034907/attachment.htm