ADMutate
¨Tool used evade IDS detection of buffer overflows
¨http://www.ktwo.ca/security.html
¨exploit code fed into ADMutate which modifies the exploit code while retaining the same ultimate function
–NOP instruction replaced with other code that functionally does nothing
–Main part of exploit code contains code to decrypt encrypted instructions
–Least significant byte of Return Pointer modified
¨
¨