Sciweavers

CCS
2009
ACM

English shellcode

14 years 7 months ago
English shellcode
History indicates that the security community commonly takes a divide-and-conquer approach to battling malware threats: identify the essential and inalienable components of an attack, then develop detection and prevention techniques that directly target one or more of the essential components. This abstraction is evident in much of the literature for buffer overflow attacks including, for instance, stack protection and NOP sled detection. It comes as no surprise then that we approach shellcode detection and prevention in a similar fashion. However, the common belief that components of polymorphic shellcode (e.g., the decoder) cannot reliably be hidden suggests a more implicit and broader assumption that continues to drive contemporary research: namely, that valid and complete representations of shellcode are fundamentally different in structure than benign payloads. While the first tenet of this assumption is philosophically undeniable (i.e., a string of bytes is either shellcode ...
Joshua Mason, Sam Small, Fabian Monrose, Greg MacM
Added 19 May 2010
Updated 19 May 2010
Type Conference
Year 2009
Where CCS
Authors Joshua Mason, Sam Small, Fabian Monrose, Greg MacManus
Comments (0)