[Dailydave] Protecting your code versions.
coderman at gmail.com
Sun Sep 21 23:23:26 EDT 2014
hi Dave, long time fan. first time feedbacker, well:
On 9/19/14, Dave Aitel <dave at immunityinc.com> wrote:
> Everyone is sick of the Kaspersky guys doing three hundred page PDFs
> with a long listing of which versions of some trojan they found were
> installed when, and what features each trojan had, and what possible
> code reuse there was. And of course, if there's an 0day in some random
> trojan, everyone likes to rip that out and spend years pontificating
> about it.
no doubt. i prefer my salty rants Aitel stylez! all of us in the game
have lineage to a tee... but i digress,
> But even if I'm not using 0day, I often want to protect my escalation of
> privilege attacks from the defenders. I don't want them able to track my
> code versions, and I don't want them knowing the details of my
> exploitation methods so they can add more features to EMET or KAV.
yeah, fuck those guys trying to make my shit fuck them less!
> That's why INNUENDO allows you to put a password in that protects as
> much of your implant deployment package as possible.
i asked a friend, Volatility, and they said "please to re state in
terms of cryptographic digest for code version and instruction
sequence in terms of exploitation method."
because every consideration they pose evaluates to an "as much as
possible" equivalent to zero. there was agreement from VM recording
and bus lane recording, as well.