Skip to content

Cybersecurity News

Search for:

Home
Cyber Security
Data Leak
Linux
Malware Attack
Open Source Tool
Technology
Vulnerability
Windows

Home
Cyber Security
Data Leak
Linux
Malware Attack
Open Source Tool
Technology
Vulnerability
Windows

Search for:

Cybersecurity News

Exploitation

sgn v2.0.1 releases: polymorphic binary encoder for offensive security purposes

by do son · Published June 6, 2020 · Updated December 19, 2023

polymorphic binary encoder

SGN

SGN is a polymorphic binary encoder for offensive security purposes such as generating statically undetectable binary payloads. It uses an additive feedback loop to encode given binary instructions similar to LSFR. This project is the reimplementation of the original Shikata ga nai in golang with many improvements.

How? & Why?

For the offensive security community, the original implementation of shikata ga nai encoder is considered to be the best shellcode encoder(until now). But over the years security researchers found several pitfalls for statically detecting the encoder(related work FireEye article). The main motive for this project was to create a better encoder that encodes the given binary to the point it is identical with totally random data and not possible to detect the presence of a decoder. With the help of keystone assembler library following improvments are implemented.

64-bit support. Finally properly encoded x64 shellcodes!
New smaller decoder stub. LFSR key reduced to 1 byte
Encoded stub with a pseudo-random schema. Decoder stub is also encoded with a psudo random schema
No visible loop condition Stub decodes itself WITHOUT using any loop conditions !!
Decoder stub obfuscation. Random garbage instruction generator added with keystone
Safe register option. Non of the registers are clobbered (optional preable, may reduce polymorphism)

Execution Flow

The following image is a basic workflow diagram for the encoder. But keep in mind that the sizes, locations, and orders will change for garbage instructions, decoders, and schema decoders on each iteration.

LFSR itself is pretty powerful in terms of probability space. For even more polymorphism garbage instructions are appended at the beginning of the unencoded raw payload. The below image shows the companion matrix of the characteristic polynomial of the LFSR and denoting the seed as a column vector, the state of the register in the Fibonacci configuration after k steps.

Changelog v2.0.1

Register value preserving (-safe option) related bug fixes
Random register selection bug fixed
Better argument parsing
Major code refactoring

Install

go get github.com/egebalci/sgn

Use

Copyright (c) 2019 Ege Balcı

Source: https://github.com/EgeBalci/

Share

Tags: polymorphic binary encoder sgn

Follow:

Search

Visit Penetration Testing Tools & The Information Technology Daily

Support Securityonline.info site. Thanks!

Vulnerability

GitHub Enterprise Server Patches Critical Security Flaw – CVE-2024-9487 (CVSS 9.5)

October 13, 2024
Vulnerability

Critical Vulnerabilities in Bitdefender Total Security Expose Users to Man-in-the-Middle Attacks

October 18, 2024
Vulnerability

CVE-2024-9488 (CVSS 9.8): Authentication Bypass Flaw in wpDiscuz Plugin, Over 80,000 Sites at Risk

October 26, 2024
Vulnerability

CVE-2024-10392 (CVSS 9.8): Popular WordPress AI Plugin Exposed to Critical Security Risk

October 31, 2024
Vulnerability

CVE-2024-10470 (CVSS 9.8) in Popular WordPress Theme Exposes Thousands of Sites

November 8, 2024

Reward

Brilliantly

SAFE!

securityonline.info

Content & Links

Verified by Sur.ly

2022

Website

About SecurityOnline.info
Advertise on SecurityOnline.info
Contact

About Us
Contact Us
Disclaimer
Privacy Policy
DMCA NOTICE
Sponsors

Cybersecurity News © 2024. All Rights Reserved.

x