In the previous recipe, we uncovered a loop that's used for deobfuscating parts of our binary in order to evade signature detection. In this recipe, we'll pick up from where we left off and identify other loops serving the same purpose. This is only one technique that is used in polymorphic code, but so far it appears to have been effective against our simple signature detection script.
- Title Page
- Copyright and Credits
- Dedication
- About Packt
- Contributors
- Preface
- Setting Up the Lab
- Installing VirtualBox on Windows
- Installing VirtualBox on Mac
- Installing VirtualBox on Ubuntu
- Installing a 32-bit Ubuntu 16.04 LTS Desktop virtual machine
- Installing a 64-bit Ubuntu 16.04 LTS Desktop virtual machine
- Installing the dependencies and the tools
- Installing the code examples
- Installing the EDB Debugger
- Taking a snapshot of the virtual machines
- 32-bit Assembly on Linux and the ELF Specification
- 64-bit Assembly on Linux and the ELF Specification
- Creating a Binary Analysis Methodology
- Linux Tools for Binary Analysis
- Analyzing a Simple Bind Shell
- Analyzing a Simple Reverse Shell
- Identifying Vulnerabilities
- Understanding Anti-Analysis Techniques
- A Simple Reverse Shell With Polymorphism
- Another Book You May Enjoy
Analyzing deobfuscation loops
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.