

prott_packV01A.zip | 393 KB | Oct 17 2005
Protty is a ring 3 library developed to protect against shellcode execution on Windows NT based systems. The full description of the mechanism was published in Phrack magazine, volume #63 (sources of the initial release are also available). Currently Protty stops most known Windows shellcodes. Moreover, it can block some types of viruses that use methods similar to those of shellcodes.
Main features:
- Process Environment Block protection (currently applied to 2 modules)
- Structured Exception Handling protection
- Import section killing (currently main application only)
- Export section protection (currently applied to 2 modules)
- RtlEnterCriticalSection protection (currently disabled)
Project homepage:
http://pb.specialised.info/all/protty/
tapion_pack01c.zip | 49 KB | Oct 17 2005
The TAPiON engine was developed to avoid code detection (shellcode/whatever). The engine can create a unique decryptor, encrypt the original data and decrypt it on the fly (while the code executes).
Main features:
# decryption key based on randomly generated decryptor (attacker breakpoint insertion will cause invalid decryption)
# decryption based on CPU time (selected randomly) - anti-emulator code.
# RDTSC / coprocessor instructions usage - anti-emulator code.
# random step of block xoring
# random step of key increasing
# random registers usage
# multiple instructions variants
# block swapping
# garbage engine (normal instructions / coprocessor instructions)
# random decryptor size
# multiple decryptor layers generation
Project homepage:
http://pb.specialised.info/all/tapion/