62 Handbook of SCADA/Control Systems Security
reliant upon specic memory offsets of an application given a specic patch level.
Once an application is patched, the memory allocation of the vulnerable point may
change, rendering the exploit inoperative. This is not the same as the payload that
is delivered and installed following a successful exploit. The exploit is designed
to enable access, while the payload is designed to retain access. What the analyst
would expect to see will differ depending on what class of malware it is. Getting
back to the human in the loop, the malware coders are not waking up every day
designing new innovative ways to exploit the x86 architecture. Once an operational
payload is designed, they will continue to repur ...