Dailydave mailing list archives
Re: Protecting your code versions.
From: Dan Guido <dguido () gmail com>
Date: Mon, 22 Sep 2014 16:20:24 -0400
I've found it surprising that so few attackers have adopted crypto to protect their toolkits, even after they have empirical evidence from malware like Gauss that it works (note: still not decrypted!). I'm not sure what exactly INNUENDO is using but we've settled on environment-derived keys as a central part of MAST, our software protection engine. No AV in their right mind is going to stream your entire 500GB HD to the cloud for analysis.

These techniques are not only applicable to malware. Our intended use case for MAST is, believe it or not, iOS application protection. It's developed in LLVM so it works without modification on any language and architecture that they do.

More reading:
http://blog.trailofbits.com/2014/08/20/remastering-applications-by-obfuscating-during-compilation/
https://media.blackhat.com/bh-us-12/Briefings/Song/BH_US_12_Song_Royal_Flowers_Automated_WP.pdf

-Dan

On Fri, Sep 19, 2014 at 2:46 PM, Dave Aitel <dave () immunityinc com> wrote:
http://vimeo.com/106620144

Everyone is sick of the Kaspersky guys doing three hundred page PDFs with a long listing of which versions of some trojan they found were installed when, and what features each trojan had, and what possible code reuse there was. And of course, if there's an 0day in some random trojan, everyone likes to rip that out and spend years pontificating about it.

But even if I'm not using 0day, I often want to protect my escalation of privilege attacks from the defenders. I don't want them able to track my code versions, and I don't want them knowing the details of my exploitation methods so they can add more features to EMET or KAV.

That's why INNUENDO allows you to put a password in that protects as much of your implant deployment package as possible. Check out the video for more!

And of course, if you're interested in trialing or buying INNUENDO, please let us know at admin () immunityinc com!

Thanks,
Dave Aitel
Immunity, Inc.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Protecting your code versions. Dave Aitel (Sep 19)
- Re: Protecting your code versions. Kristian Erik Hermansen (Sep 22)
- Re: Protecting your code versions. Arrigo Triulzi (Sep 22)
- Re: Protecting your code versions. coderman (Sep 22)
- Re: Protecting your code versions. Dan Guido (Sep 23)