Black Hat Briefings, Las Vegas 2005 [audio] Presentations From The Security Conference

This discussion will cover the theoretical background of using ordinary, readable text to conceal an exploit payload's true content, ending with a practical application of the discussed technique. Encoding a payload as plain text is useful in cases where input filtering eliminates many of most useful values that make up a payload. In particular, Unicode based systems place numerous constraints on acceptable character values, making it worthwhile to create a simple decoder function to decode far more complex shellcode data. The technique is also useful where content filtering is used, the small amount of unusual text making up the decoder could be outweighed by a large amount of grammatically correct text. Darrin Barrall has a varied background in both hardware and software. While working in the hardware world, Darrin repaired electronics in devices ranging from televisions to sports arena lighting systems. After transitioning to the software world, his talents further diversified into banking applications, a