A hacker has revealed one of his techniques for disguising malicious code, which could be used to attack a network.
The hacker, known only as K2 to protect his alternative identity as a security consultant, revealed the code last week at a security seminar in Vancouver. He said that his ADMutate application could effectively cloak a malicious program, hiding it from the pattern recognition systems that form the main element of most intrusion detection (ID) systems.
ID systems look for a recognised signature in the vehicle of attack, and every time a new variant is developed, ID system developers update the signature file in their software to combat the threat.
But K2 claims that a technique called polymorphic coding can change the code structure of any attack tool, such as a buffer overflow generator, enough to outwit most ID systems, effectively creating a new type of attack every time it is used.
"Trust me, this will blow away any pattern matching," said K2. "This is a way to keep the exploits brand-new, all the time." Usually when an attacker tries a buffer overflow attack, an ID system will match a string contained in the data or shellcode of the attack and generate an alert. ADMutate generates different strings or signatures every time so the ID system does not recognise the threat.
This means that hackers could gain ground on security experts because it takes time for ID system developers to update their products - a situation made more difficult because hackers can generate a possibly infinite number of random strings.
But before security professionals start giving up the fight, K2 himself cast a glimmer of hope, saying that there aren't enough potential users in the hacker community with the skill to use ADMutate effectively.
He claimed there was a fine line between fooling the security scanners and modifying the hacking tool so much that it breaks. "It's not really a kiddie application. It requires a lot of skill, and anyone who does have the skill will be the guy to discover the vulnerabilities first," he said.