Virus.Org Mailing List Archive




Re: pen testing & obfuscated shell code

  • To: "Don Parker" <[EMAIL PROTECTED]>
  • Subject: Re: pen testing & obfuscated shell code
  • From: Marius Huse Jacobsen <[EMAIL PROTECTED]>
  • Date: Mon, 9 Feb 2004 22:07:14 -0800
  • Cc: [EMAIL PROTECTED]
  • In-reply-to: <[EMAIL PROTECTED]>
  • References: <[EMAIL PROTECTED]>
  • Reply-to: Marius Huse Jacobsen <[EMAIL PROTECTED]>
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Don,

Friday, January 30, 2004, 5:44:53 AM, you wrote:

DP> Hello group, have a question to ask which is about using obfuscated shell code during a
DP> pen test. Do any of you actually use home cooked obfuscated shell code during a pen test?
DP> By that I mean do you replace the known sled of x90 with another 1 byte instruction that
DP> won't affect the egg?

There are many instructions that would fit the bill... Incrementing
and decrementing registers, for example. To avoid further filters,
you may wish to alternate. E.g.
NOP
INC EAX
INC EDX
NOP
NOP
INC EAX
DEC EDX
INC EAX
XOR EAX,EAX

The clue is that the instruction, in machine code, should be one byte
only. Simply because if there were two, there would be a chance it
"landed" on the odd byte.

- --
Best regards,
 Marius                            mailto:[EMAIL PROTECTED]

-----BEGIN PGP SIGNATURE-----

iQA/AwUBQCh1EpfZ2CSWpu1rEQK2/ACfdem7rx1ZAjGDH0gkHnYlCt8wp1UAoJdC
jssl3iQxyaI6nT+ptaCgLqP7
=iJ1j
-----END PGP SIGNATURE-----
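
Seen from the detection side, a sled built from the one-byte instructions named in the message above is still a long run of bytes drawn from a small set. The following is an added example, not part of the original post: the function names, the candidate opcode set (NOP, INC r32, DEC r32 in 32-bit x86) and the sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Sled candidates (assumption of this example): NOP (0x90) plus the one-byte
 * 32-bit forms INC r32 (0x40-0x47) and DEC r32 (0x48-0x4F), which covers the
 * NOP / INC EAX / INC EDX / DEC EDX mix listed in the post. */
static int is_sled_byte(uint8_t b)
{
    return b == 0x90 || (b >= 0x40 && b <= 0x4F);
}

/* Length of the longest run of candidate bytes; *start gets its offset. */
size_t longest_sled_run(const uint8_t *buf, size_t len, size_t *start)
{
    size_t best = 0, run = 0;
    for (size_t i = 0; i < len; i++) {
        run = is_sled_byte(buf[i]) ? run + 1 : 0;
        if (run > best) {
            best = run;
            if (start) *start = i + 1 - run;
        }
    }
    return best;
}

/* 0x40-0x4F are also ASCII '@' and 'A'-'O', so a low min_run fires on
 * ordinary upper-case text; the threshold has to be tuned per protocol. */
int looks_like_sled(const uint8_t *buf, size_t len, size_t min_run)
{
    return longest_sled_run(buf, len, NULL) >= min_run;
}

/* Constructed sample: the one-byte opcodes from the post inside a request. */
static const uint8_t sample_mixed[] = {
    'G','E','T',' ', 0x90,0x40,0x42,0x90,0x90,0x40,0x4A,0x40,
    0x90,0x40,0x42,0x90,0x90,0x40,0x4A,0x40, 0x0D,0x0A };
/* Constructed benign input. */
static const uint8_t sample_text[] = "HELLO FAKE DOMAIN";
int main(void)
{
    size_t off = 0;
    size_t n = longest_sled_run(sample_mixed, sizeof sample_mixed, &off);
    printf("mixed: run=%zu at offset %zu\n", n, off);
    printf("text flagged at 4: %d, at 16: %d\n",
           looks_like_sled(sample_text, sizeof sample_text - 1, 4),
           looks_like_sled(sample_text, sizeof sample_text - 1, 16));
    return 0;
}
```

The benign text sample trips a threshold of 4 but not 16, which is why a byte-set heuristic like this needs a minimum run length suited to the traffic it inspects.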

