Difference between revisions of "Shellcode"
From NetSec
Line 1 (previous revision) vs. Line 1 (current revision)

− Previous revision:
Shellcode, bytecode, or [[machine code]] is represented in [[Assembly_Basics#Binary_.26_Hexadecimal|hexadecimal]]. Every [[programming language]] eventually becomes [[binary]]. [[Assembly Basics|Assembly]] translates to [[binary]] [[machine code]]. When writing a [[Buffer Overflows|buffer overflow]] there are many obstructions from [[

+ Current revision:
Shellcode, bytecode, or [[machine code]] is represented in [[Assembly_Basics#Binary_.26_Hexadecimal|hexadecimal]]. Every [[programming language]] eventually becomes [[binary]]. [[Assembly Basics|Assembly]] translates to [[binary]] [[machine code]]. When writing a [[Buffer Overflows|buffer overflow]] there are many obstructions from [[SIM|security infrastructure]], such as [[DEP]], [[ASLR]], [[firewall|firewalls]], or [[IDS]] and [[IPS]] appliances.

Unchanged in both revisions:
{{info|This is just one of many shellcoding concepts. Ultimately, the most important concepts are [[anti-heuristics]], [[shellcode obfuscation]], and [[IDS]]/[[IPS]]/[[Firewall]] evasion.}}
Revision as of 19:29, 23 March 2012
Shellcode, bytecode, or machine code is conventionally written out in hexadecimal. Every programming language is eventually reduced to binary, and assembly translates directly to binary machine code. When writing a buffer overflow exploit there are many obstructions from security infrastructure, such as DEP, ASLR, firewalls, or IDS and IPS appliances.
This is just one of many shellcoding concepts. Ultimately, the most important concepts are anti-heuristics, shellcode obfuscation, and IDS/IPS/firewall evasion.
- Evading heuristics - evading debuggers, tricking the programmers, attacking debuggers, and evading or attacking virtual machines are all part of this technique. Anti-heuristics rely on the code's ability to protect itself from user, administrator, or even programmer and debugger intervention.
- "Uglifying" one's code - obfuscation includes the use of polymorphism and metamorphism, and describes anything that makes the code appear to do one thing or hold certain data when in fact the code does something else or holds different data.
- Evading detection engines is currently best done by using alphanumeric shellcode. Alphanumeric and ASCII shellcode fall entirely within the range of standard user-printable characters, so the arbitrary code looks like ordinary user-entered data instead of malicious machine code. Generally it is hard for an admin to detect that such input is actually a payload to begin with.
A programmer can write any application directly in machine code, using an assembly-level approach, because it is just as expressive as any other programming language.
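As an added illustration of two points above (machine code being written out as hexadecimal, and alphanumeric or ASCII payloads blending in with printable user input), the following Python is example code written for this page, not from the NetSec wiki. It renders a byte string in the usual "\x.." shellcode notation and classifies it by character class, then shows that a naive validator which only rejects non-printable bytes cannot tell an alphanumeric-only buffer from ordinary text. All sample inputs are constructed and are not real payloads; the function names are my own.

```python
import string

# Added example (not from the NetSec page): classify a byte buffer by
# character class to show why a "printable bytes only" input filter does
# not distinguish alphanumeric-encoded machine code from ordinary text.
# Defensive takeaway: detection has to consider structure and behaviour,
# not just whether every byte is printable.

ALNUM = frozenset(string.ascii_letters.encode() + string.digits.encode())
PRINTABLE = frozenset(range(0x20, 0x7F))  # space through '~'


def to_hex_escapes(data: bytes) -> str:
    """Render bytes the way shellcode is usually written out: \\x41\\x42..."""
    return "".join(f"\\x{b:02x}" for b in data)


def classify(data: bytes) -> str:
    """Return 'alphanumeric', 'printable', 'binary' or 'empty' for a buffer."""
    if not data:
        return "empty"
    if all(b in ALNUM for b in data):
        return "alphanumeric"
    if all(b in PRINTABLE for b in data):
        return "printable"
    return "binary"


def passes_printable_filter(data: bytes) -> bool:
    """A naive input validator that rejects only non-printable bytes."""
    return classify(data) in ("alphanumeric", "printable")


# Constructed samples (hypothetical, not real payloads): ordinary text, a
# buffer made only of letters and digits, and bytes outside the printable range.
SAMPLES = {
    "user_text": b"hello world 123",
    "alnum_only": b"Pb2Xq9Lm4Zt7Vr1K",  # arbitrary letters/digits, constructed
    "raw_bytes": bytes([0x00, 0x01, 0xFF, 0x7F, 0x0A]),
}


def report() -> dict:
    """Map each sample name to (class, passes naive filter, hex rendering)."""
    return {
        name: (classify(d), passes_printable_filter(d), to_hex_escapes(d))
        for name, d in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (cls, ok, hexs) in report().items():
        print(f"{name:10} {cls:13} filter_passes={ok!s:5} {hexs}")
```

Running it shows the "alnum_only" buffer passing the naive filter exactly as the plain "user_text" does, while only the "raw_bytes" sample is rejected; a byte-class check alone therefore gives an administrator no signal about the alphanumeric case.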
This article contains too little information; it should be expanded or updated.