[Dailydave] File transfer protocols

Dave Aitel dave at immunityinc.com
Tue Jun 10 11:59:33 EDT 2014


The summary of pretty much every operator who has ever used a remote
access tool is that "people don't really understand how TCP works under
stress". Probably this is true for a lot of infosec sub-specialties. But
TCP DOES come under stress - high latency and high packet-loss
connections, or simply connections that have a tendency to go up and
down on a frequent and unpredictable basis can make penetration testing
quite painful. It's not just "getting a connectback" that has to be done
to solve your problem - you need to be able to recover and resume your
operations seamlessly. Without major effort into what we call "seamless"
penetration testing protocols, which also have to be covert, modeling
the next generation of nation grade attacker is nearly impossible.

In other words, when you have great connectivity, you need to make the
most of it, and your implant needs to be able to download covertly, and
securely, as quickly as possible. When you have truly terrible connectivity,
your implant STILL needs to be able to download large files covertly,
securely, and as quickly as is reasonable. And of course, it's not just
files that you will need to download - many of your implant's
operations will generate huge volumes of data, and so exposing this
transfer process as a generic API is necessary to enable even
deceptively simple things like "get a file listing of C:\" to work properly.

If you're interested in how Immunity solved these problems, please view
the following video!
INNUENDO File Transfer Video: http://vimeo.com/97757542

Thanks,
Dave Aitel
Immunity, Inc.
