Uninformed: Informative Information for the Uninformed

Vol 5» 2006.Sep


The purpose of this paper was to illustrate the process of implementing a customer encoder for the x86 architecture. In particular, the encoder described in this paper was designed to make it possible to encode payloads in a UTF-8 and tolower safe format. To help illustrate the usefulness of such an encoder, a recent vulnerability in the McAfee Subscription Manager ActiveX control was used because of its restrictions on uppercase characters. While many readers may never find it necessary to implement an encoder, it's nevertheless a necessary topic to understand for those who are interested in exploitation research.