1 |
J. Lee, "History of Buffer Overflow," Hacker School, 2008, http://www.hackerschool.org/HS_Boards/data/Lib_system/History_of_Buffer_Overflow.pdf
|
2 |
A. One, "Smashing The Stack For Fun and Profit," Phrack, Vol.7, Nov. 1996, http://www.phrack.org/issues.html?issue=49&id=14
|
3 |
"Vulnerability distribution of cve security vulnerabilities by types," http://www.cvedetails.com/vulnerabilities-by-types.php
|
4 |
B. Martin, M. Brown, A. Paller and D. Kirby, "2011 CWE/SANS Top 25 Most Dangerous Software Errorsh," Common Weakness Enumeration, Sept. 2011, http://cwe.mitre.org/top25/
|
5 |
J. Ma, J. Dunagan, H. J. Wang, S. Savage and G. M. Voelker. "Finding Diversity in Remote Code Injection Exploits," Proceedings of the 6th ACM SIGCOMM conference on Internet measurement, pp. 53-64, Oct. 2006.
|
6 |
http://www.snort.org/snort
|
7 |
M. Polychronakis, K. G. Anagnostakis, and E. P. Markatos, "Network-level Polymorphic Shellcode Detection using Emulation," Proceedings of Detection of Intrusions and Malware & Vulnerability Assessment, Vol. 4064, pp. 54-73, 2006
|
8 |
M. Polychronakis, K. G. Anagnostakis and E. P. Markatos, "Emulation-based Detection of Non-self-contained Polymorphic Shellcode," Proceedings of the International Symposium on Recent Advances in Intrusion Detection, pp. 87-106, Sep. 2007
|
9 |
B. Gu, X. Bai, Zh. Yang, A. C. Champion and D. Xuan, "Malicious Shellcode Detection with Virtual Memory Snapshots," Proceedings of the IEEE INFOCOM, pp. 974-982, 2010
|
10 |
H. Shacham, M. Page, B. Pfaff, E. J. Goh, N. Modadugu and D. Boneh, "On the Effectiveness of Address Space Randomization," Proceedings of ACM Conference on Computer and Communications Security, pp. 298-307, Oct. 2004
|
11 |
C. Cowan, C. Pu, D. Maier, H. Hinton, P. Bakke, S. Beattie, A. Grier, P. Wagle and Q. Zhang, "Stackguard: Automatic Adaptive Detection and Prevention of Buffer-overflow Attacks," Proceedings of the USENIX Security Symposium, pp. 63-78, Jan. 1998
|
12 |
A. N. Sovarel, D. Evans and N. Paul, "Where's the FEEB? On the Effectiveness of Instruction Set Randomization," Proceedings of the USENIX Security Symposium, Vol. 14, pp. 10, Aug. 2005
|
13 |
http://www.metasploit.com/about/
|
14 |
S. Macaulay, "ADMMutate: Polymorphic Shellcode Engine", http://www.ktwo.ca/security.html
|
15 |
T. Detristan, T. Ulenspiegel, Y. Malcom and M. S. van Underduk, "Polymorphic Shellcode Engine Using Spectrum Analysis," Vol. 11, Phrack, Aug. 2003, http://www.phrack.org/issues.html?issue=61&id=9
|
16 |
T. Wana, "Writing UTF-8 Compatible Shellcodes," Phrack, Vol. 11, Sep. 2004, http://www.phrack.org/issues.html?issue=62&id=9
|
17 |
Y. Song, M. E. Locasto, A. Stavrou, A. D. Keromytis and S. J. Stolfo, "On the Infeasibility of Modeling Polymorphic Shellcode," In Proceedings of ACM Conference on Computer and Communications Security, pp. 541-551, Oct. 2007.
|
18 |
Rix, "Writing IA32 Alphanumeric Shellcode," Phrack, Vol. 11, Aug. 2001, http://www.phrack.org/issues.html?issue=57&id=15
|
19 |
Obscou, "Building IA32 Unicode-Proof Shellcodes," Phrack, Vol. 11, Aug. 2003, http://www.phrack.org/issues.html?issue=61&id=11
|
20 |
J. Mason, S. Small, "English Shellcode," Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 524-533, Nov. 2009.
|
21 |
Q. Zhang, D.S. Reeves, P. Ning and S.P. Lyer, "Analyzing Network Traffic to Detect Self-decrypting Exploit Code," Procddeings of the ACM Symp. on Information, Computer and Commun. Security, pp. 4-12 , Mar. 2007.
|