Virus Blog

Rishi: Identify Bot Contaminated Hosts

— Posted by zeroq @ 17:10 - 28 Apr, 2007

The HotBots'07 conference took place a few weeks ago in Cambridge, USA. The paper published by Thorsten Holz and me is now available, as are the slides of the talk given by Thorsten Holz.
This workshop was by invitation only. As a courtesy, USENIX made the accepted papers available to everyone.

 (More)

Reversing Shellcode Part 3

— Posted by zeroq @ 15:46 - 19 Apr, 2007

It is time for the final part of the reversing shellcode trilogy. We will take a closer look at so-called multibyte XOR encoders and a way to decode the shellcode. For more information on different types of shellcode, encoders, etc., visit one of the following sites: Metasploit or Milw0rm.

First, let's look at the decoder part of the encrypted shellcode. As usual, it follows the NOP section:

 (More)
