Obfuscation (software) - Wikipedia
Code morphing - Wikipedia
Nobody inside white uses such a term --> code morphing; this is heavily used inside our community
Octavian MorphMePlease https://xssforum7mmh3n56inuf2h73hvhnzobi7h2ytb3gvklrfqm7ut3xdnyd.onion/threads/73254/post-587652
DoppleKSE "...olvm, which is not intended for morphing at all in the context of AV bypass..."
DildoFagins https://xssforum7mmh3n56inuf2h73hvhnzobi7h2ytb3gvklrfqm7ut3xdnyd.onion/threads/42944/
Obfuscation of C/C++ code using Python and libclang
https://xssforum7mmh3n56inuf2h73hvhnzobi7h2ytb3gvklrfqm7ut3xdnyd.onion/threads/106900/
Tree rewriter
https://xssforum7mmh3n56inuf2h73hvhnzobi7h2ytb3gvklrfqm7ut3xdnyd.onion/threads/102782/post-714365
secidiot "This is all good, of course, but what about the output detections? The standard llvm obfuscator immediately has a tree in the statics of Trojan/Win32.Generic, Win64:Malware-gen, Unsafe, etc., no matter how I tweak those settings. And simply “obfuscating” (diluting it with branches, loops, math operations) does not make sense when, for example, you have imports (imphash), the resources are the same on each build.
You can look somewhere in my messages on the forum, I wrote about what morphing should really look like so that your software can live for years without cleaning, with daily spills and rental of software, I don’t want to just repeat it."
http://xssforum7mmh3n56inuf2h73hvhnzobi7h2ytb3gvklrfqm7ut3xdnyd.onion/threads/34888/
Unknown "...The detection here is static. The morpher must “dilute” the code, thereby removing the signature. But - he should not stupidly insert garbage in front and behind. He must morph the existing code so that the result is the same. Well, it takes the variable i and subtracts it from it, multiplies it, performs the operations ror xor rol, and so on. Fake API and import generators are not so critical; it is important to morph and transform the existing code."
https://xssforum7mmh3n56inuf2h73hvhnzobi7h2ytb3gvklrfqm7ut3xdnyd.onion/threads/103043/post-715149
salsa20 "Thus, the constant will be calculated during program execution based on complex graph transformations."
Automated Obfuscation of Windows Malware and Exploits Using O-LLVM
Intro I was thinking over how easily Meterpreter stagers can be statically detected nowadays by commercial antivirus (AV) scanners and online tools like VirusTotal. The stagers can be easily detected even when using msfvenom’s built-in encoders/encryptors or the techniques of evasion frameworks...
www.politoinc.com
The question is obvious already: what does our forum need in general? Morphers vs obfuscators, the difference lies in adding techniques like API obfuscation, anti-debugging to obfuscators == morphers
or are things like control flow morphing + opaque predicates + call graph morphing enough?
Because we all enjoyed DildoFagins' articles on obfuscation + tree rewriter
Please let us discuss + settle the debate
What is interesting to the forum for the competition + articles + private commerce?
Also, in your opinion --> which is what? Morpher or obfuscator?
1. MorphMePlease - Octavian
2. Tree Rewriter - DildoFagins
3. OLLVM
4. what mr Unknown asked for here http://xssforum7mmh3n56inuf2h73hvhnzobi7h2ytb3gvklrfqm7ut3xdnyd.onion/threads/34888/
more examples of morphers