More sophisticated IDSs look for common shellcode signatures. But even these systems can be bypassed, by using polymorphic shellcode. This is a technique common among virus writers ?it basically hides the true nature of the shellcode in different disguises.
How does a polymorphic shellcode work?
A.
They encrypt the shellcode by XORing values over the shellcode, using loader code to decrypt the shellcode, and then executing the decrypted shellcode
B.
They convert the shellcode into Unicode, using loader to convert back to machine code then executing them
C.
They reverse the working instructions into opposite order by masking the IDS signatures
D.
They compress shellcode into normal instructions, uncompress the shellcode using loader code and then executing the shellcode
Is this really a proper answer? Question 1064 CEH ver6 is exactly the same and the answer is B: They convert the shellcode into Unicode, using loader to convert back to machine code then executing them.
Which one is true?
Yes is correct. Is A.
http://www.sans.org/security-resources/idfaq/polymorphic_shell.php
a