¨Tool used evade IDS
detection of buffer overflows
¨exploit code fed
into ADMutate which modifies the exploit
code while retaining the same ultimate function
–NOP instruction
replaced with other code that functionally
does nothing
–Main part of exploit code contains code to decrypt encrypted instructions
–Least significant byte
of Return Pointer modified
¨
¨