On Friday, January 31, 2014 03:06:11 PM Dave Aitel wrote:
> RobFuller Disagrees
>
> Rob Fuller says "have strong feelings against your latest post on DD -
> there are a ton of ways if you stop thinking of a trojan as a process".
>
> So I like where he's going with this, and I think there's a subtle
> difference between an Implant and a backdoor (and I'm not sure where
> "Trojan" fits here as he used it). Implants in general tend to have
> fairly full featured capability sets (which in the leaked NSA documents
> are even standardized). For example, while I can put a backdoor almost
> anywhere (say, Outlook.exe), in general you can't offer people Implants
> that don't do such amazing things as screengrabs, staged file transfer,
> camera feed views, local privesc, WMI access, and covert file storage.
> The feature list is fairly large for any base Implant.
>
> INNUENDO, like most implants, runs as a user-mode thread hiding in some
> random process (be it LocalSystem or not). What's the other option that
> makes sense?

http://www.phrack.org/issues.html?issue=68&id=9

You can add a scheduler based off alarms and signals and call your code
cooperatively within the host process.

-Steve
_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave
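
Added example, not part of the original thread: a detection-side check for the alarm/signal scheduling Steve describes, which compares the signals a process catches against a baseline for that program. It assumes a Linux host, where /proc/<pid>/status exposes the caught-signal bitmask as SigCgt; the process name, the baseline and both status samples are constructed.

```python
import re

# Linux signal numbers (x86/ARM) for the interval-timer signals.
TIMER_SIGNALS = {14: "SIGALRM", 26: "SIGVTALRM", 27: "SIGPROF"}

# Hypothetical baseline: signals each program is known to catch when clean.
BASELINE = {"mailclient": {2, 15}}  # SIGINT, SIGTERM

# Constructed /proc/<pid>/status excerpts for the same program.
SAMPLE_CLEAN = "Name:\tmailclient\nPid:\t4100\nSigCgt:\t0000000000004002\n"
SAMPLE_SUSPECT = "Name:\tmailclient\nPid:\t4212\nSigCgt:\t0000000000006002\n"


def parse_status(text):
    """Return (process name, set of caught signal numbers) from status text."""
    name = re.search(r"^Name:\s*(\S+)", text, re.M)
    mask = re.search(r"^SigCgt:\s*([0-9a-fA-F]+)", text, re.M)
    if not name or not mask:
        raise ValueError("status text lacks Name or SigCgt")
    bits = int(mask.group(1), 16)
    # Bit (n - 1) of SigCgt is set when signal n has a handler installed.
    caught = {n for n in range(1, 65) if bits & (1 << (n - 1))}
    return name.group(1), caught


def unexpected_timer_handlers(status_text, baseline):
    """Return (name, timer signals caught now but absent from the baseline)."""
    name, caught = parse_status(status_text)
    expected = baseline.get(name, set())  # unknown program: nothing expected
    extra = (caught & set(TIMER_SIGNALS)) - expected
    return name, sorted(TIMER_SIGNALS[n] for n in extra)


if __name__ == "__main__":
    for sample in (SAMPLE_CLEAN, SAMPLE_SUSPECT):
        print(unexpected_timer_handlers(sample, BASELINE))
```

Plenty of legitimate programs install SIGALRM handlers, so a hit is a lead for triage against the program's known behaviour rather than a verdict.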
