Immunity, Inc. is pleased to announce the availability of makeunicode2.py - a Python program that will encode arbitrary x86 shellcode into a valid unicode string. This program is available from the BlackHat web site at http://www.blackhat.com/html/win-usa-03/win-usa-03-speakers.html#David%20Aitel (currently Immunity, Inc.'s website's DSL line is undergoing "repairs", and is unavailable until March 12th. Getting reliable business DSL service in NYC is like trying to get DSL service to the moon). Although encoding shellcode into a valid Unicode string may seem obscure, it allows the exploitation of a large segment of buffer overflow attacks, especially on Windows systems, previously thought to be "prohibitively difficult." makeunicode2.py was originally part of CANVAS, Immunity Inc's exploitation demonstration product, but is now released under the Gnu Public License (v2.0). Dave Aitel Marketing and Public Relations Director Immunity, Inc. 917-545-4742 http://www.immunitysec.com/ http://www.immunitysec.com/CANVAS/ (Links will be available again after March 12th, 2003, if Verizon is to be believed.)
This archive was generated by hypermail 2b30 : Thu Feb 27 2003 - 10:04:47 PST