Vulnerability Development mailing list archives

RE: Obfuscated shellcode
From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>
Date: Mon, 2 Feb 2004 11:46:05 +1300

 

-----Original Message-----
From: Don Parker [mailto:dparker () rigelksecurity com] 
Sent: Monday, 2 February 2004 6:39 a.m.
To: vuln-dev () securityfocus com
Subject: Obfuscated shellcode 

Quite a few large corporations may get updated signatures relatively
quickly, but they often do not patch for some time due to baseline
rollouts. Hence using an obfuscated egg to slip past the IDS. This
technique is not new, but it is becoming more well known. There are some
mitigating factors here which could affect this such as application layer
firewalls and the such. I would however be interested in your thoughts on
this. I have not seen much discussion anywhere on this topic.

Yep, it can be useful when you're trying to send something past IDSes.
I'd suggest you take a look at Jempi Scodes project, which is a polymorphic
shellcode generator.
You can find more information about Jempi Scodes at
http://www.shellcode.com.ar/en/proyectos.html.

Also, check on the same web page; there are a couple of ready shellcodes
which have an encrypt/decrypt section.

Regards,

Bojan

