Polymorphic shellcode: advances in recent years presented at Virus Bulletin 2003

by Aleksander Czarnowski (Avet)

Tags: Security

URL : http://www.virusbtn.com/conference/vb2003/abstracts/aczarnowski03.xml

Summary : "Polymorphic shellcode is no longer just a research topic - we see it on a daily basis in IDS
alerts. Recent development by the black and white hat community has resulted in great advances in
penetration techniques, but it is still probably the most uncovered area. In this paper I will
examine some aids in creating exploits and polymorphic shellcode as well as detection techniques.
I will also try to examine the impact of polymorphic shellcode used in penetration testing and
real-life attacks. It is important to understand the role and risk associated with polymorphic shellcode, as malware
and intrusion detection are in a phase of close integration. We've seen worms using exploits to
infect vulnerable hosts. It's only a matter of time before polymorphic shellcode will be used
by worm authors. The presentation covers mostly Unix/Linux systems and exploits."