Home page logo
/

dailydave logo Dailydave mailing list archives

Re: INNUENDO OPSEC THOUGHTS - Windows is Pythonic
From: Steve Grubb <sgrubb () redhat com>
Date: Fri, 31 Jan 2014 15:27 -0500

On Friday, January 31, 2014 03:06:11 PM Dave Aitel wrote:
RobFuller Disagrees

Rob Fuller says "have strong feelings against your latest post on DD -
there are a ton of ways if you stop thinking of a trojan as a process".

So I like where he's going with this, and I think there's a subtle
difference between an Implant and a backdoor (and I'm not sure where
"Trojan" fits here as he used it). Implants in general tend to have
fairly full featured capability sets (which in the leaked NSA documents
are even standardized). For example, while I can put a backdoor almost
anywhere (say, Outlook.exe), in general you can't offer people Implants
that don't do such amazing things as screengrabs, staged file transfer,
camera feed views, local privesc, WMI access, and covert file storage.
The feature list is fairly large for any base Implant.

INNUENDO, like most implants, runs as a user-mode thread hiding in some
random process (be it LocalSystem or not).  What's the other option that
makes sense?

http://www.phrack.org/issues.html?issue=68&id=9

You can add a scheduler based off alarms and signals and call your code 
cooperatively within the host process.

-Steve
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]