Shulou(Shulou.com)05/31 Report--

This article mainly shows you "what kind of tool SGN is". The content is simple and easy to understand, and the organization is clear. I hope it can help you solve your doubts. Let Xiaobian lead you to study and learn this article "what kind of tool SGN is".

SGN

SGN is a powerful multi-modal (polymorphic) binary encoding tool that allows penetration testers to easily generate static and undetectable binary payloads with the help of SGN. SGN can encode a given binary instruction using a feedback loop, similar to LSFR.

tool properties

For the cybersecurity community, the original version of the SGN encoder was initially considered the best Shellcode encoder, and it still is. Over the years, however, security researchers have found several bugs in static detection encoders (see FireEye's article). Therefore, the community is constantly improving SGN in order to achieve better coding functions.

The current version of SGN implements the following improvements:

1, 64 bit support, can correctly encode x64 Shellcode.

Smaller decoder stub, LFSR key reduced to 1 byte.

3. The encoder Stub uses pseudo-random pattern, and the decoder Stub also uses pseudo-random pattern coding.

4. Decoder Stub obfuscation, adding random garbage instruction generator.

5, security registration options, will not affect the register.

Tools Install Dependent Components

The dependency components required by this tool are keystone and capstone libraries. The installation methods of these two libraries are as follows:

OS

installation command

Ubuntu/Debian

sudo apt-get install libcapstone-dev

Arch Linux

sudo pacman -S capstone keystone

Mac

brew install keystone capstone

Fedora

sudo yum install keystone capstone

undefined

go get github.com/egebalci/sgn Tools Use

The "-h" option allows you to view the tool's help information directly. If you want to see detailed data about the encoding process, you can use the "-v" option to turn on verbose mode.

Use as a code base

Warning! The SGN package is still under development and focuses primarily on performance improvements, most of which may vary from version to version.

package mainimport ("encoding/hex""fmt""io/ioutil"sgn "github.com/egebalci/sgn/lib")func main() {// First open some filefile, err := ioutil.ReadFile("myfile.bin")if err != nil { // check errorfmt.Println(err)return}// Create a new SGN encoderencoder := sgn.NewEncoder()// Set the proper architectureencoder.SetArchitecture(64)// Encode the binaryencodedBinary, err := encoder.Encode(file)if err != nil {fmt.Println(err)return}// Print out the hex dump of the encoded binary fmt.Println(hex.Dump(encodedBinary)) } Tool Execution Flow

The following figure shows the basic execution flow of the SGN encoder, but keep in mind that the size, location, and order of the garbage instruction, decoder, and mode decoder change with each iteration.

The LFSR itself is very powerful in terms of probability space. The following figure shows the adjoint matrix of the characteristic polynomial of the LFSR and represents the seed as a column vector. The state of the register in Fibonacci configuration after k steps.

The above is "SGN is a tool" all the content of this article, thank you for reading! I believe that everyone has a certain understanding, hope to share the content to help everyone, if you still want to learn more knowledge, welcome to pay attention to the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.