Dailydave mailing list archives
Code vs bandwidth
From: Konrads Smelkovs <konrads.smelkovs () gmail com>
Date: Tue, 01 May 2018 18:05:32 +0000
Some time ago Dave defended his very fat Trojan on the account that no one cares if it’s 4 or 40 megs, and then there was that discussion about bandwidth, and I’d like to tie it together: “The more code and computing capacity you have closer to the object of interest the less bandwidth you need and vice versa”.

I’ll illustrate this with a few basic examples:

Let’s say you want to portscan a subnet from a compromised PC. You can either use a tunnel to your Metasploit instance over C2 or you can use nmap, which perhaps an admin installed on the victim’s computer, and scan it from there. In one case you will need a low latency link; in the other case you are fine with a high latency link.

If you want to dump ntds.dit and copy it, it may be that even compressed it is 5+ GB, thereby requiring a high bandwidth link, or you could extract hashes there by loading some code like ntds_extract and get a compressed file of a megabyte, at which point DNS or Email C2 is fine. If you had computing resources available, you could even crack it there on the spot.

Code is of course data as well and you need bandwidth to transfer it. Which is why PowerShell or .NET in general are so exciting, because the bulk of code - .NET Framework is already pre-loaded and 10kb of compressed PowerShell can have a lot of advanced functionality, which could include parsing mailboxes for content or whatever.

Or consider cloud computing such as SaaS, e.g. Office365 SharePoint. In the old days, say you got root access to the master file share and would want to search every document for a code word, you would have to transfer all those terabytes of data to a computer somewhere, open each doc, search it, etc. Maybe that computer is someone’s laptop on the net, maybe that goes over C2. A hassle. In Office365 I just log in as admin and search for keyword and all documents on SP or 1Drive are searched within seconds. The code and compute resource are immediately there.

--
Konrads Smelkovs
Applied IT sorcery.