|
Understanding Windows Shellcode
|
|
Hits: 48 |
|
Date added: 01/29/2006 |
|
The topics and assembly in this document have been analyzed in the interest
of spreading knowledge and initiating discussions on the topic of Windows
shellcode. The author is in no way implying that the assembly presented in
this document is the best, nor should one infer that the author speaks from a
pedestal higher than that of the reader. It is the author’s hope that readers will
make suggestions and comments on the subject matter. |
|
|
|
|
Writing anti-IDS shellcode
|
|
Hits: 18 |
|
Date added: 01/27/2006 |
|
Author:
In the last few weeks I had made an intensive study of Intrusion-Detection
Systems like Snort. I found that several ways of escaping from
being detected while checking for vulnerable CGIs were already made by
RFP (rfp@wiretrip.net). Also many other common intrusion tactics like
port-scanning were also escaped by using stealth-scanners like nmap. But
I noticed that the IDS had also checked for a person trying to remotely
buffer overflow a daemon. When I searched through the net for anti-IDS
tactics for escaping from being tracked, I found none. So I decided to
do a bit of thinking :). |
|
|
|
|
Reverse Engineering: Memory Analysis
|
|
Hits: 36 |
|
Date added: 01/18/2006 |
|
This paper takes a look at the concept of 'Memory Analysis' as it pertains to reverse engineering. Memory analysis is the process of inspecting the memory layout of a given process while it is running to gain insight into how it functions and, potentially, modifying locations in memory to cause the program to do something unexpected or to see how the program reacts. |
|
|
|