Uninformed: Informative Information for the Uninformed

Vol 9» 2008.Jan


In the art of vulnerability exploitation there are often numerous hurdles that one must overcome. These hurdles include barriers to traversing the attack vector and challenges in developing an effective vulnerability exploitation technique. A critical step in the latter inevitably requires the use of an exploit payload, traditionally referred to as shellcode. A payload is the functional exploit component that implements the exploit's purpose[1].

One barrier to successful exploitation may be that including certain byte values in the payload will not allow the payload to reach its destination in an executable form[2], or even at all. Another hurdle to overcome may be that an in-line network security monitoring device such as an Intrusion Prevention System (IPS) could be filtering network traffic for the particular payload that the exploit intends to deliver[3, 288-289], or otherwise extracting the payload for further automated analysis[4][5, 2]. Whatever the hurdle may be, many challenges relating to the payload portion of the exploit can be overcome by employing what is known as a payload encoder.