Simple Shellcode Obfuscation
http://funoverip.net/2011/09/simple-shellcode-obfuscation/
Gives practical information as to how shellcode can be obfuscated using PERL scripts to evade anti-virus and IDS detection.
The deobfuscation technique is also explained.
Obsfuscated code will have to be deobfuscated at run-time.
Run-time code is automatically deobfuscated. The deobfuscation stub in assembly language is given.\
Thus realtime analysis of run-time code will indicate the real behavior of the shellcode.
-Joseph Ponnoly
http://funoverip.net/2011/09/simple-shellcode-obfuscation/
Gives practical information as to how shellcode can be obfuscated using PERL scripts to evade anti-virus and IDS detection.
The deobfuscation technique is also explained.
Obsfuscated code will have to be deobfuscated at run-time.
Run-time code is automatically deobfuscated. The deobfuscation stub in assembly language is given.\
Thus realtime analysis of run-time code will indicate the real behavior of the shellcode.
-Joseph Ponnoly
Antivirus evasion of JavaScript payloads and exploits. Though MetaSploit encoder can hide the payloads, the exploit may still be detected by AV.
ReplyDeleteHere an example is given how the JavaScript source code is tweaked to prevent detection of the exploit also.
http://funoverip.net/2011/04/100pc-anti-virus-evasion-with-metasploit-browser-exploits-from-ms11-003/