From: Don Parker (dparker@rigelksecurity.com)
Date: Fri Jan 30 2004 - 08:44:53 EST
Hello group, have a question to ask which is about using obfuscated shell code during a
pen test. Do any of you actually use home cooked obfuscated shell code during a pen test?
By that I mean do you replace the known sled of x90 with another 1 byte instruction that
won't affect the egg?
Outside of some .gov and .mil clients do you even bother offering this level of
granularity to your clients? It is not every client out there governmental or otherwise
that has application level firewalls working in tandem with an IDS, and even more
importantly an analyst who will recognize a possible overflow.
With the development of such tools as ADMutate among others this is becoming of genuine
concern. I would be most interested in hearing your opinions, and or insights.
Cheers!
-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.249.8340
fax:613.249.8319
--------------------------------------------
---------------------------------------------------------------------------
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:47 EDT