[Dailydave] INNUENDO OPSEC THOUGHTS - Windows is Pythonic

Steve Grubb sgrubb at redhat.com
Fri Jan 31 15:27:00 EST 2014


On Friday, January 31, 2014 03:06:11 PM Dave Aitel wrote:
> Rob Fuller Disagrees
> 
> Rob Fuller says "have strong feelings against your latest post on DD -
> there are a ton of ways if you stop thinking of a trojan as a process".
> 
> So I like where he's going with this, and I think there's a subtle
> difference between an Implant and a backdoor (and I'm not sure where
> "Trojan" fits here as he used it). Implants in general tend to have
> fairly full-featured capability sets (which in the leaked NSA documents
> are even standardized). For example, while I can put a backdoor almost
> anywhere (say, Outlook.exe), in general you can't offer people Implants
> that don't do such amazing things as screengrabs, staged file transfer,
> camera feed views, local privesc, WMI access, and covert file storage.
> The feature list is fairly large for any base Implant.
> 
> INNUENDO, like most implants, runs as a user-mode thread hiding in some
> random process (be it LocalSystem or not).  What's the other option that
> makes sense?

http://www.phrack.org/issues.html?issue=68&id=9

You can add a scheduler based off alarms and signals and call your code 
cooperatively within the host process.

-Steve

