Metasploit mailing list archives

Re: Transient Context when encoding payloads


From: HD Moore <hdm () metasploit com>
Date: Tue, 22 Dec 2009 22:30:26 -0600

On 12/22/2009 10:05 PM, Jeffs wrote:
> What does "Use transient context when encoding payloads" mean under the
> show advanced menu?

Paper on the technique here:
http://www.uninformed.org/?v=9&a=3&t=pdf

Basically you can use a "shared secret" (existing memory) to encode the
shellcode so that even with full network captures it is impossible to
decrypt without knowing what memory was used. Think of it as a really
bad one-time-pad, but still good enough to break automated analysis.

-HD
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
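
An added illustration, not part of the original post and not Metasploit's encoder, of what the reply means for an analyst: a captured buffer keyed from target memory stays opaque until the matching memory image is available to supply candidate keys. The 4-byte XOR key, the memory layout, the offset and the sample bytes are all constructed assumptions.

```python
# Added illustration; not Metasploit code.
# Assumption: a 4-byte XOR key read from a fixed offset in target memory.
KEY_LEN = 4

def xor_stream(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key (the same call encodes and decodes)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def printable_ratio(buf: bytes) -> float:
    """Fraction of bytes that are printable ASCII; the plausibility score used here."""
    return sum(32 <= b < 127 for b in buf) / len(buf)

def recover_with_memory(captured: bytes, memory: bytes, threshold: float = 1.0):
    """Try every KEY_LEN-byte window of a memory image as the key.

    Returns [(offset, decoded)] for windows whose decode looks plausible.
    Near-miss keys can also pass, so more than one candidate may come back.
    """
    hits = []
    for off in range(len(memory) - KEY_LEN + 1):
        decoded = xor_stream(captured, memory[off:off + KEY_LEN])
        if printable_ratio(decoded) >= threshold:
            hits.append((off, decoded))
    return hits

# --- constructed sample data (hypothetical, benign) ---
TARGET_MEMORY = bytes((i * 167 + 13) % 256 for i in range(256))  # stand-in memory image
KEY_OFFSET = 0x23                                                # hypothetical key location
SAMPLE = b"constructed stand-in for payload bytes, printable ASCII only"
CAPTURED = xor_stream(SAMPLE, TARGET_MEMORY[KEY_OFFSET:KEY_OFFSET + KEY_LEN])
OTHER_HOST_MEMORY = bytes(256)  # image from a different host (constructed as all zeros)

if __name__ == "__main__":
    print("capture alone, printable ratio:", printable_ratio(CAPTURED))
    print("with the wrong memory image:", recover_with_memory(CAPTURED, OTHER_HOST_MEMORY))
    for off, decoded in recover_with_memory(CAPTURED, TARGET_MEMORY):
        print(f"candidate key at offset {off:#x}: {decoded!r}")
```

For incident response this means a packet capture should be paired with a memory image of the affected host, since the capture does not contain the key material.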

