Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Whitepaper: Implementing and Detecting a PCI Rootkit

From: "Dave Korn" <dave.korn () artimi com>
Date: Thu, 16 Nov 2006 19:10:42 -0000
On 16 November 2006 18:25, Dave Aitel wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

That's really cool. One thing Immunity has been investigating is
selling a literal hardware PCI card that you can install into
someone's machine which then infects their system and injects a
callback shellcode. 


  Does this really have a lot of advantages over just plugging a U3 drive into
a less-frequently used usb port round the back of the machine somewhere?


That way if you break into someone's office, you
can throw these PCI cards into a few desktops and then leave, and
you'll get MOSDEF shells at home every day! Nothing to analyze on disk
either. :>


  Wow, no forensics... except of course for your fingerprints and DNA all over
the *physical* evidence you left at the scene of crime.  Not really sure
you're better off that way, I'd rather leave digits behind than anything else.


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: