While I was scrolling through my old mails in search of a financial document, I found an interesting doc that I was working on a long time back and, for some unknown reason, wasn't able to continue. Here I am posting that unfinished work. I will try to cover the topics in detail in future.
Obfuscation
To totally obscure with non-germane information in a verbose manner, with the intent to provide a non-answer, and provide total befuddlement.
“Any hacker worth his salt is an artist in obfuscation”.
In network security, obfuscation refers to methods used to obscure an attack payload from inspection by network protection systems.
Encryption vs Obfuscation
Obfuscation
Obfuscation, in general, describes a practice that is used to intentionally make something more difficult to understand. In a programming context, it means to make code harder to understand or read, generally for privacy or security purposes. A tool called an obfuscator is sometimes used to convert a straight-forward program into one that works the same way but is much harder to understand.
Encryption
The manipulation of data to prevent accurate interpretation by all but those for whom the data is intended. Financial institutions use encryption to increase the security of data transmitted via the Internet.
Methods of obfuscation
Recreational Obfuscation
There are many varieties of interesting obfuscations, ranging from simple keyword substitution to the use or non-use of whitespace to create artistic effects.
Obfuscation by code morphing
This is achieved by completely replacing a section of the compiled code with an entirely new block that expects the same machine state when it begins execution as the previous section, and will leave with the same machine state after execution as the original. However, a number of additional operations will be completed as well as some operations with an equivalent effect.
Obfuscation in malicious software
Spammers frequently use obfuscated JavaScript or HTML code in spam messages. The obfuscated message, when displayed by an HTML-capable e-mail client, appears as a reasonably normal message—albeit with obnoxious JavaScript behaviors such as spawning pop-up windows. However, when the source is viewed, the obfuscations make it far more difficult for investigators to discern where the links go, or what the JavaScript code does.
Trail obfuscation
The purpose of trail obfuscation is to confuse, disorientate and divert the forensic examination process. Trail obfuscation covers a variety of techniques and tools that include “log cleaners, spoofing, misinformation, backbone hopping, zombied accounts, trojan command”.
Advantages of obfuscation
Intellectual property protection
Size reduction
Library linking
Disadvantages of obfuscation
When used alone
At best, obfuscation merely makes it time-consuming, but not impossible, to reverse engineer a program. When security is important, measures other than obfuscation should be used.
Debugging
Obfuscated code is extremely difficult to debug. Variable names will no longer make sense, and the structure of the code itself will likely be modified beyond recognition. This fact generally forces developers to maintain two builds:
Portability
Obfuscated code often depends on the particular characteristics of the platform and compiler, making it difficult to manage if either changes.
Obfuscation for Evasion
The protection provided by security devices can be bypassed by obfuscating the exploit/shellcode. Some of the known methods are:
Encoding
Directory traversing
Null characters
Spaces
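An inspection layer counters the four methods listed above by reducing input to one canonical form before any rule is matched. The following is an added example, not part of the original post; the `/admin` rule, the function names and the sample paths are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 5  # assumption: upper bound on nested percent-encoding layers


def canonicalize(raw_path: str) -> str:
    """Reduce a request path to one canonical form before inspection."""
    path = raw_path
    # Encoding: decode repeatedly so double-encoded input (%252e) is unwrapped.
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Null characters: drop NUL bytes that would split a signature match.
    path = path.replace("\x00", "")
    # Spaces: collapse whitespace runs and trim padding around each segment;
    # backslashes are treated as path separators.
    segments = [re.sub(r"\s+", " ", s).strip()
                for s in path.replace("\\", "/").split("/")]
    # Directory traversing: resolve "." and ".." segments and repeated slashes.
    path = posixpath.normpath("/" + "/".join(segments).lstrip("/"))
    return path.lower()


def matches_rule(raw_path: str, protected_prefix: str = "/admin") -> bool:
    """Hypothetical rule: flag requests that resolve under protected_prefix."""
    canon = canonicalize(raw_path)
    return canon == protected_prefix or canon.startswith(protected_prefix + "/")


# Constructed sample inputs, one per method in the list above plus two controls.
SAMPLES = [
    "/public/%252e%252e/ADMIN",     # encoding (double percent-encoding)
    "/public/../admin/./config",    # directory traversing
    "/ad%00min/",                   # null character
    "/admin%20%20/users",           # space padding
    "/public/index.html",           # control: unrelated path
    "/administrator",               # control: shares a prefix, different resource
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:32} -> {canonicalize(sample)!r:18} "
              f"flagged={matches_rule(sample)}")
```

A rule matched against the raw string would miss the first four samples; matched against the canonical form, it flags all four and neither control.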