Cool video!
Are you sure you need a dirty version of dsplit though? The one in the video looks clean.
Now I wonder if this could possibly be applicable to real virus's to make them undetectable?!?
I should fix my screensaver I have since it shows up dirty but I wrote the code myself and I know its not.
The program itself is not "dirty". AVs simply detect it has a "hacktool" because it could be used for malicious purposes. Most AVs will do the same with Netcat. They call it a "hacktool" but it's harmless in and of itself.Originally Posted by hhmatt81
Your premise is exactly what the video was about.
muts gave a presentation at Shmoocon that accomplished the same thing albeit by different means. You can find that video here.
"\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
Yes, there are many ways to achieve similar results - and most, if not all, applicable tools would be flagged by most modern day AV software..... It's all part of the "dumbed-down" user experience everyone expects and enjoys with their PC's these days!
As a side-note, I remember some years back an interesting tool which worked "both ways" called Armadillo. Anyone still use that?
Gotta love muts! Great presentation!
Is there a video that shows this a little clearer? Its hard to make out some of the assembly code he uses.
Where did he get the 1000 byte buffer?
I think that it will be featured in the Backtrack2Max course.
Really looking forward to it.
Tiocfaidh ár lá
Are you sure? He used vista throughout the entire presentation.
I got the same thing, scanned it and it went crazy. Gonna redownload it in a bit.
If you are going to raise a thread this old from the grave you should at least have something with a bit more substance to add to the conversation....
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
Posting Permissions
