Exploit generation and code obfuscation

Together with two fellow students I wrote a paper about Exploit generation and code obfuscation. You can download the paper below – unfortunately at the moment it is only available in German.

Abstract

To delude anti-virus tools and intrusion detection systems (IDS) the creators of malware use different kinds of obfuscation. In this way the malware’s behavior and communication is hidden from the victims. Data compression and encryption are examples on how criminals use obfuscation techniques to bypass package filters, IDS and signature based malware detection of anti-virus programs.

This paper describes different obfuscation techniques to show the reader how easy it is to generate and obfuscate malware based on existing exploits – the newly generated malware can’t be detected by anti-virus software and can be executed on the target host. A proof of concept shows the procedure, tools, efforts and knowledge needed to obfuscate malware.

Based on the proof of concept the potential risk for companies is assessed and counter measures are introduced and evaluated.

Paper (in German):

Obfuscation and exploit generation paper