Polymorphic shellcode: advances in recent years

Aleksander Czarnowski AVET

Polymorphic shellcode: advances in recent years

Polymorphic shellcode is no longer just a research topic - we see it on daily basis in IDS alerts. Recent development by black and white hat community resulted in great advance in penetration techniques, but it still probably the most uncovered area. In this paper I will examine some aids in creating exploits and polymorphic shellcode as well as detection techniques. I will also try to examine the impact of polymorphic shellcode used in penetration testing and real life attacks.

It is important to understand a role and risk associated with polymorphic shellcode, as malware and intrusion detection is in a phase of close integration. We've seen worms using exploits to infect vulnerable hosts. It's only a matter of time before polymorphic shellcode will be used by worm authors. The presentation covers mostly Unix/Linux systems and exploits.

VB Conferences

VB2010 (Vancouver)

VB2009 (Geneva)

VB2008 (Ottawa)

VB2007 (Vienna)

VB2006 (Montréal)

VB2005 (Dublin)

VB2004 (Chicago)

VB2003 (Toronto)

VB2002 (New Orleans)

VB2001 (Prague)

VB2000 (Orlando)

VB99 (Vancouver)

VB98 (Munich)

VB97 (San Francisco)

VB96 (Brighton)

VB95 (Boston)

VB94 (Jersey)

VB93 (Amsterdam)

VB92 (Edinburgh)

VB91 (Jersey)

‘Very useful and enjoyable, with unparalleled social networking.’

Poll

Who in your company is responsible for installing software patches?

Leave a comment

VB2009

VB2009 will take place 23-25 September 2009 at the Crowne Plaza Geneva, Switzerland. VB is currently seeking submissions from those wishing to present papers at VB2009. Full details are in the call for papers.

Virus Bulletin currently has 148,287 registered users.

Fighting malware and spam