[Dailydave] Smart channel configurations, something you needed but never thought you needed, like a thneed.

dave aitel dave at immunityinc.com
Thu May 4 14:27:40 EDT 2017


https://vimeo.com/215905922

https://vimeo.com/215906923

https://vimeo.com/200421115

Ok, so I have a hard time explaining what it means for an implant to be
"brainy". To be fair, we have a hard time explaining WHY we want our
implants to be brainy. Not-brainy is a perfectly valid approach! Many a
196 byte worm coded entirely in hand-assembly has lived a long and
fruitful life on the Internet.  But look, let's say you are in the
market for an implant that can do the kinds of things whatever Wikileaks
will leak in 2018 can. That requires brains.

Here's an example: An implant that from 9-5 uses the web to communicate
to your C2, and the rest of the time, a very slow ICMP covert channel.

Or perhaps one that can auto-detect what the network proxy your network
is using is, and configure itself to use that. Or one that looks at
the email subject lines you tend to use, and then runs that through a
bit of Bayesian magic to create similar ones which it uses to
communicate with the C2. Or one that sees that all the implants on the
local network are being taken out, and intelligently switches off for a
while, and then uses a different C2 when it wakes up. Incident response
response, as we call it!

Watch the videos, and let us know if you have any better ideas. :)

-dave




