Polymorphic shellcode API

Presented at DEF CON 9 (2001), July 14, 2001, 6 p.m. (50 minutes)

Polymorphism has been around for years in the form of virus attacks. There is a wealth of information pertaining to this. This presentation will concern itself with the implementation of an API designed to place some black-box code (probably shellcode) within an encoded structure and deliver it against a number of architectures (SPARC, HP, IA32, more soon).

This code has been tested thoroughly against a number of popular NIDS sensors (ISS, Snort, Dragon, NFR), and has proven that, as of yet, the code itself can NOT be detected at all. There are some possible methods of detection; these will be analyzed, along with future modifications to further evade these measures.


Presenters:

  • K2
    K2 is a security consultant for a major multi-national company, personally located in Vancouver, Canada. Spare time is spent mostly investigating OS/network vulnerabilities and the exploitation thereof :) Years of assembly experience and a well-developed cross-platform knowledge base.
