Hacker News
by JoachimSchipper 6067 days ago
There are certainly people who write shellcode. As I understand it, people have written shellcodes that use only bytes that happen to map to ASCII, are obfuscated to bypass intrusion detection systems, and so on. I'm sure it requires quite a bit of (specialized) knowledge.
2 comments

That was more common in the late '90s than it is now (and note that it involves knowing only a very few instructions; enough to call a function or the system call gate).

There are occasional exploits that can't be pieced together out of other people's shellcode, but there are also perhaps 10 people in the world that write those exploits.

Well, more like bytecode that doesn't contain a zero-byte, which'd stop a string dead-on.
In '96 when I wrote the Crispin IMAP server bug, I can't remember which way it was but you either couldn't have uppercase letters, or could only have uppercase letters, in the shellcode. I thought I was kind of badass for writing that code. Of course, by '99, that was a triviality.

Just saying, it's not just NUL.