Dailydave mailing list archives

Re: Better, more FLAME-like, penetration testing


From: Moses <moses () moses io>
Date: Fri, 27 Sep 2013 14:10:47 -0400

This is an interesting concept. I may have 'seen' this in use in other systems like an SOA-based system, but truly interesting. One end of the system is injected and merely builds a message-passing channel while the other end does the heavy lifting. Very freaking scary. Very freaking awesome. Very freaking scary still.

This is pretty genius. I would imagine it doesn't rely on any scripting technology like JavaScript; instead it would rely on the text within PDFs. I am not sure how operationally you would get someone to open a large number of PDFs, but it's still a salient idea.

This is very similar to how some of the agents that used comment code in HTTP would work. Will this be a part of Canvas going forward and be parallel to MosDef?

Dave Aitel wrote:
One of the core features is that there are channels into and out of the core message pumps, and these are themselves hot-swappable. So for PDF exploits, one of the channels you'll use is a PDF sniffer that sits in the PDF reader and looks at all new PDFs for signed messages from the C&C. It can then use these to update itself with, say, a bi-directional ICMP channel, or a Twitter/IMGUR channel (slightly higher bandwidth). Or a local exploit, of course.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave