Date: Tue, 05 Oct 2004 01:39:15 +0000
From: "m conover" <mconover_001@...mail.com>
To: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com,
   focus-ids@...urityfocus.com
Subject: RE: On Polymorphic Evasion (an alphanumeric version)


Cool. I will also add to the discussion with an alphanumeric version written 
with two others for experimentation, though it is limited in that it doesn't vary 
the length of the decoder stubs or encoded shellcode. spoonm is doing a 
separate version--I think based on Berend's alpha--that will. Also, I did 
not test it against any of the different shellcode detectors like Fnord, so 
I would be curious to know if anyone tries. IMO "as to whether the detection 
of polymorphic shellcode was indeed an appropriate component of an IDS", I 
think there is enough prior art on it that it's not really a big deal to 
publish or discuss code implementing it. It is most likely better to have a 
variety of generators to test the effectiveness of a shellcode detector. I 
added a small blurb on additional options for OS-independence with 
alphanumeric shellcode for IA-32e/AMD-64 since it adds the new RIP-relative 
addressing. See attachment.

>"Phantasmal Phantasmagoria" <phantasmal@...h.ai>
>10/01/2004 05:28 PM
>Please respond to
>phantasmal@...h.ai
>
>
>To
>full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com,
>focus-ids@...urityfocus.com
>cc
>
>Subject
>On Polymorphic Evasion
>
>
>
>
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>- ------------------------------------
>
>On Polymorphic Evasion
>by Phantasmal Phantasmagoria
>phantasmal@...h.ai


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

