Jakub Heba, Security Researcher @ AFINE

Research and Security of Web Applications, Assembly, Reverse Engineering. All kind of security related stuff.


Polymorphism

In this exercise, we will analyze and apply polymorphism to three ready-made shellcodes hosted on shell-storm.org.

Polymorphism consists in rewriting or reordering the program's code while preserving all of its functionality. This technique is very often used to evade signature-based security systems such as antivirus programs, since the altered code no longer matches the known byte pattern.

Analysis and use of polymorphism, part I:

Using the JMP-CALL-POP technique and the sys_open(), sys_read(), sys_write() and sys_exit() system calls to read any file on the filesystem

Part II:

Using the sys_mkdir() and sys_exit() system calls to create a folder on the filesystem

Part III:

Using the JMP-CALL-POP technique and the sys_read(), sys_write() and sys_exit() system calls to update the content of "/etc/hosts"