From: Craig Phillips <>

Sent: Wednesday, January 14, 2015 12:15 PM


Subject: Cocktail Talk - Black Hat Obfuscation



Cocktail Talk

April 2015

Cocktail Talk

Dear Craig:   

Welcome to CN Consulting's "Cocktail Talk".


Cocktail Talk is a casual monthly newsletter intended to arm you with amusing bits and bytes of information on whats happening in the computer world. Topics sure to break the ice and capture an audience at many a social or business event.


Cocktail Talk is archived on


Currently, on Cocktail Talk - Black Hat Obfuscation


Now that there are movies and everything about Black Hats it's only fair that we take one more step towards street level and give credit to White Hats. 


White Hats are every bit as capable as Black Hats, they just use their powers for good. Some White Hats are reformed Black Hats, some are just mercenaries. One is me. Like they say "Sometimes bad guys make the best good guys". 


Black Hats and White Hats fight in the cloud, it's all very Spy vs. Spy. Let's take a peek at a real life example from recent memory.


Ms. Black Hat wants to redirect people browsing the internet  to websites that pay her for visitors. She wants to redirect my people's website visitors to some German porn site so she can cash in.. She tried to accomplish this in two ways.


One was to replace some of my people's website programs with bad programs having the same names so her programs ran instead.  She also injected bad code into their existing programs. In either case it's auf wiedersehen mein freund. These programs and code were written in something called PHP. 


Computer geeks love three letter acronyms (TLA's) and PHP is especially loved because it is a recursive acronym, one where the acronym itself is part of  the acronym itself. PHP stands for "PHP: Hypertext Preprocessor", a language popular with web developers. 


The Black Hats try to hide their dirty PHP work by obfuscating their code and the White Hats try to find it. Take a walk with me through an English language example of obfuscated PHP code.


She wants to say GO_to_HELL.. 


She could code a string of characters l_gOthE followed by - 


- Gimme the 3rd, 4th & 2nd characters of that string making them upper case and call them Fred. (Fred would equal GO_)


- Gimme the 5th, 4th and 2nd characters making them lower case and call them Kisses. (Kisses would equal to_)


- Gimme the 6th, 7th, 1st, & 1st characters making them upper case and call them Poodles. (Poodles equals HELL)


- Say Fred + Kisses + Poodles


Computers then read FredKissesPoodles as GO_to_HELL and there, she said it. Auf wiedersehen mein freund. It's a lot like the Soul Train Scramble Board.. 


There are PHP commands to encode and decode strings of characters. Black Hats use these commands to turn code into gibberish before injecting it into our code. They put the decode command in front of the gibberish and PHP turns it back into bad code that we can't even see.


Using a string method, like our Soul Train example,  they can even obfuscate the decode command and all of a sudden our little string of l-gOthE followed by a bunch of gibberish becomes GO_to_HELL infidel-son-of-a-jackal.


White Hats figure this all out to help keep the mean streets of the cloud safe.



You can bet your last money it's a stone gas honey, you can even obfuscate your recursive acronym, you can kiss a poodle, or not, that's your call, and that's Cocktail Talk.



Thank you for reading,



Craig Phillips

CN Consulting, Inc.





CN Consulting, Inc -
Computer Consulting for Business!



CN Consulting Inc. (CNCI) is an independent consulting company formed in 1990 and located within easy reach of both Chicago and Milwaukee.


CNCI maintains a select client base providing consulting services concerning the use of information technology. We persistently look for advantage to our clients in added value and reduced cost made available by advancing technology.


CNCI does not have financial interest in any given product or product line. We evaluate current and emerging technologies solely based on their benefit to our clients. CNCI implements the solutions it recommends and readily partners with companies that offer products and services to the advantage of our clients. CNCI offers complete client support with singular accountability.


We maximize the benefit of our clients' existing technology, systems, and platforms while integrating the benefits provided by new technology.


Business Continuity and Business Development are our goals with Continuity being the foundation of Development.


Forward email

This email was sent to by |  

CN Consulting, Inc.
| 23830 112th St | Salem | WI | 53179


This email was sent by the author for the sole purpose of testing a draft message. If you believe you have received the message in error, please contact the author by replying to this message. Constant Contact takes reports of abuse very seriously. If you wish to report abuse, please forward this message to

No virus found in this message.
Checked by AVG -
Version: 2015.0.5645 / Virus Database: 4260/8930 - Release Date: 01/14/15