lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <BAY10-F34G30GaET1GZ00014cb2@hotmail.com>
Date: Tue, 05 Oct 2004 01:39:15 +0000
From: "m conover" <mconover_001@...mail.com>
To: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com,
   focus-ids@...urityfocus.com
Subject: RE: On Polymorphic Evasion (an alphanumeric version)


Cool. I will also add to the discussion with an alphanumeric version written 
with two others for experimentation, though it is limited in it doesn't vary 
the length of the decoder stubs or encoded shellcode. spoonm is doing a 
separate version--I think based on Berend's alpha--that will. Also, I did 
not test it against any of the different shellcode detectors like Fnord, so 
I would be curious to know if anyone tries. IMO "as to whether the detection 
of polymorphic shellcode was indeed an appropriate component of an IDS", I 
think there is enough prior art on it that it's not really a big deal to 
publish or discuss code implementing it. It most likely better to have a 
variety of generators to test the effectiveness of a shellcode detector. I 
added a small blurb on addtional options for OS-independence with 
alphanumeric shellcode for IA-32e/AMD-64 since it adds the new RIP-relative 
addressing. See attachment.

>"Phantasmal Phantasmagoria" <phantasmal@...h.ai>
>10/01/2004 05:28 PM
>Please respond to
>phantasmal@...h.ai
>
>
>To
>full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com,
>focus-ids@...urityfocus.com
>cc
>
>Subject
>On Polymorphic Evasion
>
>
>
>
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>- ------------------------------------
>
>On Polymorphic Evasion
>by Phantasmal Phantasmagoria
>phantasmal@...h.ai

_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how to 
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ