Dailydave mailing list archives
Re: Whitepaper: Implementing and Detecting a PCI Rootkit
From: "Peter Winter-Smith" <peter () ngssoftware com>
Date: Thu, 16 Nov 2006 21:08:21 -0000
Hey Dave(s) (and list)!

I think one of the points that John was considering in his paper was the possibility that a remote attack of some nature could actively install one of these which would then persist through re-installs of the operating system, rather than solely the physical access vector (under the 'Re-flashing a PCI Expansion ROM' section)!

Very cool!

-Peter

----- Original Message -----
From: "Dave Korn" <dave.korn () artimi com>
To: "'Dave Aitel'" <dave () immunityinc com>; <dailydave () lists immunitysec com>
Sent: Thursday, November 16, 2006 7:10 PM
Subject: Re: [Dailydave] Whitepaper: Implementing and Detecting a PCI Rootkit

On 16 November 2006 18:25, Dave Aitel wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> That's really cool. One thing Immunity has been investigating is selling a literal hardware PCI card that you can install into someone's machine which then infects their system and injects a callback shellcode.

Does this really have a lot of advantages over just plugging a U3 drive into a less-frequently used usb port round the back of the machine somewhere?

> That way if you break into someone's office, you can throw these PCI cards into a few desktops and then leave, and you'll get MOSDEF shells at home every day! Nothing to analyze on disk either. :>

Wow, no forensics... except of course for your fingerprints and DNA all over the *physical* evidence you left at the scene of crime. Not really sure you're better off that way, I'd rather leave digits behind than anything else.

cheers,
DaveK
--
Can't think of a witty .sigline today....

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave