Frank Boldewin (http://www.reconstructer.org/) developed a shellcode detection method to find shellcode in Microsoft Office files, like .doc and .xls files. He released this as a feature of his OfficeMalScanner tool (http://www.reconstructer.org/code.html).
I consider this a very interesting detection method, and wanted to use this method on other file types like pictures. That’s what motivated me to integrate this into my XORSearch tool.
More here: https://isc.sans.edu/diary/Guest+Diary%3A+Didier+Stevens+-+Shellcode+Detection+with+XORSearch/18929