[Dailydave] INNUENDO Coding and Auto-Injection Demonstration

Dave Aitel dave at immunityinc.com
Mon May 11 14:39:07 EDT 2015


*INNUENDO Coding and Auto-Injection Demonstration*:
https://vimeo.com/127492458

This is the longest video we have released in some time, clocking in at
twenty minutes. But after that twenty minutes you'll see just how easy
it is to build new functionality into INNUENDO, and you'll see a model
for what I like to think is a pretty amazing method of getting back to a
C2 in a real-world corporate network. Everything in that demo is
Real-Time. Nothing is faked. It's amazing how little code it takes to
make such a big feature.

One thing I find is key about the Windows ecosystem is that each Windows
machine has to be treated as a "network" within the machine, considering
that your view of that machine is so dependent on which user you are
executing as. Modern HIDS makes this even more true: You may be unable
to access the Internet from one process, but able to access it from
another. This is one of the hardest things for OS X users to understand
about Windows hacking. Windows Tokens really don't exist in any other
paradigm and are hard for even hackers to wrap their heads around.

-dave
Ref:
[1]
http://www.blackhat.com/presentations/bh-europe-04/bh-eu-04-detoisien/bh-eu-04-detoisien-up.pdf
