
Dailydave mailing list archives
Re: English Shellcode
From: Bob Auger <bobauger () gmail com>
Date: Tue, 24 Nov 2009 08:06:43 -0800
Darrin Barall spoke about this exact thing at blackhat in 2005.

http://www.blackhat.com/html/bh-usa-05/bh-usa-05-speakers.html (grep Shakespearean Shellcode)
http://media.blackhat.com/bh-usa-05/audio/2005_BlackHat_Vegas-V31-D_Barrall-Shakespearean_Shellcode.mp3
http://mirror.fpux.com/HackerCons/Blackhat%202005/CD/BH_US_05_BARRALL.PDF

On Tue, Nov 24, 2009 at 7:37 AM, dave <dave () immunityinc com> wrote:
This hit Slashdot recently, and it's interesting.
http://www.cs.jhu.edu/~sam/ccs243-mason.pdf

One thing people always try to avoid mentioning in papers about shellcode is size. But in this case, they say that an exit(0) Linux shellcode is going to be 2K or so which is good to know. There's the obligatory "our shellcode is too powerful to include a complete example of!" which is pretty funny.

Developing these sorts of techniques to defeat an IDS is a bit overkill. Or perhaps as Spike would say "I think it's just enough kill." :>

x86 is such an expressive language - you can do all sorts of great tricks in it. In the Java exploit Sean pumped out recently for CANVAS Early Updates he had to write a Java-UTF-8 nibble encoder/decoder. You get a list of byte sequences you can use and you chew down it until you get a working decoder. In the meantime, every five minutes people come up behind you and ask you if it's done yet.

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave