Automated Static Malware Analysis with Pythonect

About 5 months ago I released the first version of Pythonect, a new, experimental, general-purpose high-level dataflow programming language based on Python, written in Python. It aims to combine the intuitive feel of shell scripting (and all of its perks like implicit parallelism) with the flexibility and agility of ...

Modulation and Data Loss Prevention (DLP) Solutions

Last year, my colleague Iftach (Ian) Amit and I gave a talk called 'Sounds Like Botnets' at the DEFCON 19 and BSides Las Vegas conferences. Here is a link to the slides [PDF]. In the talk, we demonstrated how a combination of modulation and VoIP can be used to bypass enterprise security ...

Decoderless Shellcode Encoding

Today, it's almost impossible to send an unencoded exploit payload over the wire without triggering a Network Intrusion Prevention System (IPS) or Network Intrusion Detection System (NIDS) on the way. The obvious solution is to encode the payload before sending it. A typical encoder yields a new payload that contains both ...

Linux/x86 Execve Python Interpreter with a Python Program Passed in as String Shellcode

About a month ago, Phrack magazine #68 was released, and a Linux x86 shellcode (bindshell-tcp-fork.s) that I wrote a few years ago was mentioned in one of the articles. This made me feel nostalgic, and I decided to pack all the shellcodes that I have written over the years into ...