More sophisticated IDSs look for common shellcode signatures. But even these systems can be
bypassed, by using polymorphic shellcode. This is a technique common among virus writers ?it
basically hides the true nature of the shellcode in different disguises.
How does a polymorphic shellcode work?
A.
They encrypt the shellcode by XORing values over the shellcode,using loader code to decrypt
the shellcode,and then executing the decrypted shellcode
B.
They convert the shellcode into Unicode,using loader to convert back to machine code then
executing them
C.
They reverse the working instructions into opposite order by masking the IDS signatures
D.
They compress shellcode into normal instructions,uncompress the shellcode using loader code
and then executing the shellcode
Explanation:
C is the Ans.
Answer is A:
To make shellcode polymorphic you can use XOR operations to encrypt it. XOR in this case is the giveaway.
http://www.tenouk.com/Bufferoverflowc/Bufferoverflow5.html