GET /api/techniques/354/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 354,
"key": "shikata-ga-nai-sgn",
"unprotect_id": "U0708",
"name": "Shikata Ga Nai (SGN)",
"description": "Shikata Ga Nai (SGN) is a data obfuscation technique that employs a polymorphic binary encoding scheme. It was initially developed by Ege Balci and gained popularity through its implementation in Metasploit Framework's msfvenom. SGN takes a binary input and generates a self-decoding obfuscated shellcode. The algorithm utilizes a XOR feedback loop for encoding and prefixes a decoding routine to the payload. Additional garbage instructions are added to enhance obfuscation and make the payload highly resistant to static heuristic analysis. The resulting blob can be executed from the first instruction, which will decode and run the original binary payload. It's important to note that the SGN-encoded shellcode requires a RWX (Read-Write-Execute) protected memory space for proper execution.",
"resources": "https://github.com/EgeBalci/sgn\nhttps://github.com/rapid7/metasploit-framework/blob/master/modules/encoders/x86/shikata_ga_nai.rb\nhttps://www.mandiant.com/resources/blog/shikata-ga-nai-encoder-still-going-strong",
"creation_date": "2023-07-03T23:47:32.505000Z",
"tags": "Shikata Ga Nai (SGN), data obfuscation, polymorphic binary encoding scheme, Ege Balci, msfvenom, self-decoding obfuscated shellcode, XOR feedback loop",
"modification_date": "2023-10-04T10:44:32.987000Z",
"category": [
7
],
"rules": [
134
],
"attachments": [],
"featured_api": [],
"contributors": [
29
]
}
