Today’s cyber defenders must not only identify and understand the threats their organizations face; they must also understand the techniques adversaries use at the most tactical level. Matching and mastering the tradecraft adversaries demonstrate is what keeps an organization one step ahead of advanced threats.
Our Shellcode Signatures Series is a deep dive into the functionality of a handful of shellcode encoders and obfuscators, along with detection signatures and tips to help network defenders detect the tools in action. By disassembling and stepping through different encoders, we hope to increase the understanding of how the encoders and obfuscators work so that our readers can develop their own signatures to detect the tools. Conversely, a deeper understanding of the tools’ functionality should help our more offensively-minded, red team-focused readers write encoders that stand a better chance of slipping past their blue team counterparts.
Here's a list of the topics we covered in our series:
Our series highlighted that not all encoders are created equal. Some can be detected easily with signatures written for tools such as YARA; others are more elusive and harder to pin down. The easiest encoders to detect were those with a static decode loop: a section of code that stays constant every time the encoder runs and is therefore easy to write a signature around. The more challenging encoders were those that randomize their encoding process so that static, predictable code segments are kept to a minimum. Zutto Dekiru, which uses a “coin flip” technique to randomize how it stores and accesses the stack pointer, is one example of an encoder that complicates signature-based detection. More advanced encoders go further and randomize control flow and rewrite constants, which can force a signature author to wildcard so many bytes that the signature's quality (its specificity, and with it its false-positive rate) and its scan performance degrade significantly.
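To make the static-versus-randomized distinction concrete, here is an added example, constructed for this page and not code from the series or from any of the encoders it covers. It hand-assembles a classic 32-bit x86 JMP/CALL/POP decoder stub, a variant that flips three coins on each emission (which register holds the payload pointer, how the loop counter is loaded, and XOR versus ADD/SUB arithmetic), and a toy YARA-style hex matcher with `??` and nibble wildcards. The stub layout, the two signatures, the three coin flips and the sample payload are all assumptions for illustration; the flips are in the spirit of the register shuffling described above, not a reproduction of Zutto Dekiru, and the matcher is not YARA itself.

```python
"""Added example: a static JMP/CALL/POP decode loop versus a coin-flip
randomised one, checked against YARA-style hex signatures.
Everything here is constructed for illustration: the stubs are hand-assembled
32-bit x86, the matcher is a toy (not YARA), and the signatures are made up."""
from itertools import product
import random


def build_decoder(payload: bytes, key: int,
                  use_edi: bool, use_push_pop: bool, use_sub: bool) -> bytes:
    """Assemble a decoder stub followed by the encoded payload.

    Layout (every branch offset is computed from the pieces, not hard-coded):
        jmp short caller        ; EB rel8
      decoder:
        pop reg                 ; reg -> encoded payload (pushed by the call)
        <ecx = len(payload)>    ; xor ecx,ecx ; mov cl,n   -or-   push n ; pop ecx
        xor|sub byte [reg], key ; 80 /6 ib  -or-  80 /5 ib
        inc reg
        loop -6                 ; back to the xor/sub
        jmp short +5            ; skip the call, fall into the decoded payload
      caller:
        call decoder            ; E8 rel32
      payload:
        <encoded bytes>
    """
    assert 1 <= len(payload) <= 127 and 0 <= key <= 255  # push imm8 / mov cl limits
    pop, rm, inc = (0x5F, 0x07, 0x47) if use_edi else (0x5E, 0x06, 0x46)
    if use_sub:                       # encode with ADD, decode with SUB
        encoded = bytes((b + key) & 0xFF for b in payload)
        arith = 0x28 | rm             # ModRM for 80 /5, [reg]
    else:                             # XOR both ways
        encoded = bytes(b ^ key for b in payload)
        arith = 0x30 | rm             # ModRM for 80 /6, [reg]
    counter = (bytes([0x6A, len(payload), 0x59]) if use_push_pop
               else bytes([0x31, 0xC9, 0xB1, len(payload)]))
    loop = (bytes([pop]) + counter +
            bytes([0x80, arith, key, inc, 0xE2, 0xFA, 0xEB, 0x05]))
    head = bytes([0xEB, len(loop)])   # jmp over the decoder to the call
    rel32 = -(len(loop) + 5)          # call target = decoder, relative to end of call
    call = bytes([0xE8]) + rel32.to_bytes(4, "little", signed=True)
    return head + loop + call + encoded


def static_decoder(payload: bytes, key: int) -> bytes:
    """The fixed stub: identical bytes (bar key and length) on every use."""
    return build_decoder(payload, key, False, False, False)


def coinflip_decoder(payload: bytes, key: int, rng=random) -> bytes:
    """Three coin flips per emission (assumed analogue of a coin-flip encoder)."""
    return build_decoder(payload, key, *(rng.random() < 0.5 for _ in range(3)))


def all_variants(payload: bytes, key: int) -> list:
    """Every outcome of the three flips, so detection can be checked exhaustively."""
    return [build_decoder(payload, key, *flips)
            for flips in product((False, True), repeat=3)]


def compile_hex(sig: str):
    """Compile a YARA-like hex string ('EB 0D 5? ?? E8') into value/mask bytes."""
    value, mask = bytearray(), bytearray()
    for tok in sig.split():
        hi, lo = tok
        v = m = 0
        if hi != "?":
            v |= int(hi, 16) << 4
            m |= 0xF0
        if lo != "?":
            v |= int(lo, 16)
            m |= 0x0F
        value.append(v)
        mask.append(m)
    return bytes(value), bytes(mask)


def find(sig: str, data: bytes) -> int:
    """Offset of the first match of sig in data, or -1."""
    value, mask = compile_hex(sig)
    n = len(value)
    for i in range(len(data) - n + 1):
        if all((data[i + j] & mask[j]) == value[j] for j in range(n)):
            return i
    return -1


# Tight signature for the static stub: only key and length are wildcarded.
STATIC_SIG = "EB 0D 5E 31 C9 B1 ?? 80 36 ?? 46 E2 FA EB 05 E8 EE FF FF FF"
# What survives once register, counter setup and arithmetic are all randomised:
# only the loop tail, with a nibble wildcard covering inc esi / inc edi.
LOOSE_SIG = "80 ?? ?? 4? E2 FA EB 05 E8"


def fixed_nibbles(sig: str) -> int:
    """Crude specificity measure: hex digits the signature actually constrains."""
    return sum(c != "?" for tok in sig.split() for c in tok)


def hit_count(sig: str, samples: list) -> int:
    return sum(1 for s in samples if find(sig, s) >= 0)


if __name__ == "__main__":
    payload = b"\xCC" * 16            # constructed stand-in payload (int3 sled)
    variants = all_variants(payload, 0x5A)
    for sig in (STATIC_SIG, LOOSE_SIG):
        print(f"{sig!r}: {hit_count(sig, variants)}/{len(variants)} variants, "
              f"{fixed_nibbles(sig)} fixed nibbles")
    print(static_decoder(payload, 0x5A).hex(" "))
```

Run stand-alone, the tight signature hits one of the eight coin-flip outcomes (the one where every flip happens to land on the static choice) while the loosened signature hits all eight, but it does so by dropping from 36 constrained nibbles to 13: that shrinking constraint set is the quality and performance cost the paragraph refers to, and it grows worse with every further source of randomness the encoder adds.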
Cyber threat actors use a myriad of methods to alter malware code and impede defenders’ detection and analysis of it. Though we have only scratched the surface, these tactical threat intelligence techniques from our seasoned team of analysts give defenders concrete steps they can implement to further protect their organizations.
Booz Allen provides cyber tradecraft and experience to continually combine the right talent and technology—giving our clients immediate 24x7 capability uplift in their cyber program. Learn more about Booz Allen’s approach to cyber threat intelligence.
We offer these recommendations for informational use only and do not make any warranties or other promises they will be effective in managing cyber threats. If you would like assistance in addressing a type of threat, please feel free to contact us.