Dailydave mailing list archives

Re: Protecting your code versions.


From: coderman <coderman () gmail com>
Date: Sun, 21 Sep 2014 20:23:26 -0700

hi Dave, long time fan. first time feedbacker, well:

On 9/19/14, Dave Aitel <dave () immunityinc com> wrote:
...
> Everyone is sick of the Kaspersky guys doing three hundred page PDFs
> with a long listing of which versions of some trojan they found were
> installed when, and what features each trojan had, and what possible
> code reuse there was. And of course, if there's an 0day in some random
> trojan, everyone likes to rip that out and spend years pontificating
> about it.

no doubt. i prefer my salty rants Aitel stylez! all of us in the game
have lineage to a tee... but i digress,


> But even if I'm not using 0day, I often want to protect my escalation of
> privilege attacks from the defenders. I don't want them able to track my
> code versions, and I don't want them knowing the details of my
> exploitation methods so they can add more features to EMET or KAV.

yeah, fuck those guys trying to make my shit fuck them less!


> That's why INNUENDO allows you to put a password in that protects as
> much of your implant deployment package as possible.

i asked a friend, Volatility, and they said "please to re state in
terms of cryptographic digest for code version and instruction
sequence in terms of exploitation method."

because every consideration they pose evaluates to an "as much as
possible" equivalent to zero. there was agreement from VM recording
and bus lane recording, as well.

best regards,
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave

