Let's test our signature detection script against our polymorphed binary. Run the following steps exactly as you see them:
- In the first Terminal tab, type the following command:
$ ./sigDetect.py ch10-revshell64-poly
- In the second Terminal tab, type the following command:
$ less non-poly-output*
- Use the down arrow on the keyboard in this Terminal tab to navigate to the *** OBJDUMP EXECUTABLE *** section of the output.
- Review this output.
- In the third Terminal tab, type the following command:
$ less poly-output*
- Use the down arrow on the keyboard in this Terminal tab to navigate to the *** OBJDUMP EXECUTABLE *** section of the output.
- Review this output and compare it with the output from the non-polymorphed version.
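
The side-by-side comparison in the steps above can also be scripted. The following is an added example, not code from the original text or from `sigDetect.py`: it assumes each report section starts with a `*** NAME ***` banner and that the `*** OBJDUMP EXECUTABLE ***` section holds standard `objdump -d` rows. The two sample reports are constructed for illustration.

```python
import difflib
import re
MARKER = "*** OBJDUMP EXECUTABLE ***"          # banner named in the steps above
BANNER = re.compile(r"^\*\*\* .+ \*\*\*\s*$")   # assumed: other sections use the same style
# objdump -d row: address, tab, hex bytes, tab, mnemonic and operands
ROW = re.compile(r"^\s*[0-9a-f]+:\t((?:[0-9a-f]{2} )+)\s*(?:\t(.*))?$")

def objdump_section(report):
    """Return the lines between the OBJDUMP EXECUTABLE banner and the next banner."""
    out, inside = [], False
    for line in report.splitlines():
        if line.strip() == MARKER:
            inside = True
        elif inside and BANNER.match(line):
            break
        elif inside:
            out.append(line)
    return out

def parse(report):
    """Return (hex string of all opcode bytes, list of normalised instructions)."""
    raw, insns = [], []
    for line in objdump_section(report):
        m = ROW.match(line)
        if not m:
            continue                      # symbol labels and blank lines
        raw.append(m.group(1).replace(" ", ""))
        if m.group(2):                    # continuation rows carry bytes only
            insns.append(" ".join(m.group(2).split()))
    return "".join(raw), insns

def changed(before, after):
    """List (tag, old instructions, new instructions) for every region that differs."""
    a, b = parse(before)[1], parse(after)[1]
    sm = difflib.SequenceMatcher(None, a, b, autojunk=False)
    return [(t, a[i1:i2], b[j1:j2]) for t, i1, i2, j1, j2 in sm.get_opcodes() if t != "equal"]

# Constructed sample reports (not output from the binaries used in the steps).
NON_POLY = ("*** OBJDUMP EXECUTABLE ***\n0000000000401000 <_start>:\n"
            "  401000:\t48 31 c0             \txor    %rax,%rax\n"
            "  401003:\tb0 3c                \tmov    $0x3c,%al\n"
            "  401005:\t0f 05                \tsyscall\n*** STRINGS ***\n")
POLY = ("*** OBJDUMP EXECUTABLE ***\n0000000000401000 <_start>:\n"
        "  401000:\t48 29 c0             \tsub    %rax,%rax\n"
        "  401003:\t90                   \tnop\n"
        "  401004:\tb0 3c                \tmov    $0x3c,%al\n"
        "  401006:\t0f 05                \tsyscall\n*** STRINGS ***\n")
if __name__ == "__main__":
    print(changed(NON_POLY, POLY))
```

To use it on the real reports, read the `non-poly-output*` and `poly-output*` files into strings and pass them to `changed()`; the byte strings from `parse()` show which byte sequences a signature could still match in both versions.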