More sophisticated IDSs look for common shellcode signatures. But even these systems can be bypassed, by using polymorphic shellcode. This is a technique common among virus writers – it basically hides the true nature of the shellcode in different disguises.
How does a polymorphic shellcode work?
A.
They convert the shellcode into Unicode, using loader to convert back to machine code then executing them
B.
They compress shellcode into normal instructions, uncompress the shellcode using loader code and then executing the shellcode
C.
They reverse the working instructions into opposite order by masking the IDS signatures
D.
They encrypt the shellcode by XORing values over the shellcode, using loader code to decrypt the shellcode, and then executing the decrypted shellcode
Explanation:
In computer security, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability.
It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine.
Shellcode is commonly written in machine code, but any piece of code that performs a similar task can be called shellcode