Re: INNUENDO OPSEC THOUGHTS - Windows is Pythonic

[Steve Grubb <sgrubb () redhat com>]

On Friday, January 31, 2014 03:06:11 PM Dave Aitel wrote:
> RobFuller Disagrees
>
> Rob Fuller says "have strong feelings against your latest post on DD -
> there are a ton of ways if you stop thinking of a trojan as a process".
>
> So I like where he's going with this, and I think there's a subtle
> difference between an Implant and a backdoor (and I'm not sure where
> "Trojan" fits here as he used it). Implants in general tend to have
> fairly full featured capability sets (which in the leaked NSA documents
> are even standardized). For example, while I can put a backdoor almost
> anywhere (say, Outlook.exe), in general you can't offer people Implants
> that don't do such amazing things as screengrabs, staged file transfer,
> camera feed views, local privesc, WMI access, and covert file storage.
> The feature list is fairly large for any base Implant.
>
> INNUENDO, like most implants, runs as a user-mode thread hiding in some
> random process (be it LocalSystem or not).  What's the other option that
> makes sense?

http://www.phrack.org/issues.html?issue=68&id=9

You can add a scheduler based off alarms and signals and call your code 
cooperatively within the host process.

-Steve
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave