Dailydave mailing list archives
INNUENDO Coding and Auto-Injection Demonstration
From: Dave Aitel <dave () immunityinc com>
Date: Mon, 11 May 2015 14:39:07 -0400
*INNUENDO Coding and Auto-Injection Demonstration*: https://vimeo.com/127492458

This is the longest video we have released in some time, clocking in at twenty minutes. But after that twenty minutes you'll see just how easy it is to build new functionality into INNUENDO, and you'll see a model for what I like to think is a pretty amazing method of getting back to a C2 in a real-world corporate network. Everything in that demo is Real-Time. Nothing is faked. It's amazing how little code it takes to make sure a big feature.

One thing I find is key about the Windows ecosystem is that each Windows machine has to be treated as a "network" within the machine, considering that your view of that machine is so dependent on which user you are executing as. Modern HIDS makes this even more true: You may be unable to access the Internet from one process, but able to access it from another.

This is one of the hardest things for OS X users to understand about Windows hacking. Windows Tokens really don't exist in any other paradigm and are hard for even hackers to wrap their heads around.

-dave

Ref: [1] http://www.blackhat.com/presentations/bh-europe-04/bh-eu-04-detoisien/bh-eu-04-detoisien-up.pdf