[Dailydave] INNUENDO's Python Executor

Dave Aitel dave at immunityinc.com
Mon Sep 21 10:54:55 EDT 2015


Many of you read with interest the F-Secure report on 7 years of the
Duke APT
<https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf>
campaign. One image struck out at me, and probably at you as well:

(Image of Duke Campaigns from F-Secure)

As you can see above, this Russian team is running no less than 7
concurrent different toolsets. That's not because they want to.
Partially that is because operational security requires toolset
heterogeneity. But a large part of that is because every mission has
very different requirements. 

For example, there is a large tension between the level of reliability
and portability required by your main toolkit, and the flexibility and
rapid development required by your mission response teams. You want your
mission response scripts to take advantage of the advanced security
features of your main toolkit, but you can't exactly have your line
operators thinking about how they are going to deal with the main
thread-pool or worrying about memory usage in random third party
libraries they want to import. And we all know the danger of having two
developers working on two slightly different sets of requirements: two
entire toolchains built from the ground up because the other person's
code was not "clean".

INNUENDO solves this problem for APT-level penetration testers in a
fairly unique way, which we are announcing today:

  * https://vimeo.com/139697912 (Active Directory Python Executor demo)
  * https://vimeo.com/139697887 (INNUENDO Python Executor
    Introduction/Design Overview)
  * https://vimeo.com/139697901 (Basic INNUENDO Python Executor Recipes)
  * https://vimeo.com/139697907 (Executor Downloads)

{{Python Executor Slide}}


Thanks,
Dave Aitel
Immunity, Inc.


