Dailydave mailing list archives
Re: INNUENDO OPSEC THOUGHTS - Windows is Pythonic
From: Steve Grubb <sgrubb () redhat com>
Date: Fri, 31 Jan 2014 15:27 -0500
On Friday, January 31, 2014 03:06:11 PM Dave Aitel wrote:
> RobFuller Disagrees
>
> Rob Fuller says "have strong feelings against your latest post on DD - there are a ton of ways if you stop thinking of a trojan as a process".
>
> So I like where he's going with this, and I think there's a subtle difference between an Implant and a backdoor (and I'm not sure where "Trojan" fits here as he used it). Implants in general tend to have fairly full featured capability sets (which in the leaked NSA documents are even standardized). For example, while I can put a backdoor almost anywhere (say, Outlook.exe), in general you can't offer people Implants that don't do such amazing things as screengrabs, staged file transfer, camera feed views, local privesc, WMI access, and covert file storage. The feature list is fairly large for any base Implant.
>
> INNUENDO, like most implants, runs as a user-mode thread hiding in some random process (be it LocalSystem or not). What's the other option that makes sense?

http://www.phrack.org/issues.html?issue=68&id=9

You can add a scheduler based off alarms and signals and call your code cooperatively within the host process.

-Steve