WRITING MULTI-PLATFORM SPYWARE - PowerPoint PPT Presentation


  1. WRITING MULTI-PLATFORM SPYWARE

  2. *DISCLAIMER* this talk is about techniques, not actions. You and ONLY you are responsible for what you do.

  3. MISSION: the job of spyware is to spy; the goal of the spyware operator is to spy on humans...

  4. the goal is simple: acquire as much data as possible while remaining as hidden as possible.

  5. memory corruption; disk writes; "event" triggers; network "volume"; CPU load

  6. visible changes to the UX. Reverse engineering is an ever-present risk.

  7. TL;DR, ONCE YOUR TARGET SUSPECTS YOUR EXISTENCE, YOU LOSE.

  8. INTELLIGENCE GATHERING

  9. MEMORY PERSISTENCE: SHARED OBJECT INJECTION. ENTER PROCESS (PTRACE) -> SNAPSHOT -> OVERRIDE PT EXCEPTION -> SETUP NULL CALL -> REPLACE REGISTERS -> RESUME

  10. MEMORY PERSISTENCE: HOOKING SYSCALLS. PROCESS -> someSysCall() -> yourCode()

  11. MEMORY PERSISTENCE: "THEY'RE IN THE KERNEL!"

  12. MEMORY PERSISTENCE: DLL INJECTION. CreateRemoteThread()

  13. MEMORY PERSISTENCE: HOOKING ON WINDOWS. SetWindowsHookEx(), SetThreadContext(), DLL redirection

  14. MEMORY PERSISTENCE: LD_PRELOAD / DYLD_INSERT_LIBRARIES. PROCESS MIGRATION

  15. MEMORY PERSISTENCE: MODIFY & REPLACE THE APP / LIB, then kill the original process (and restart it if required)

  16. MEMORY PERSISTENCE: ROOT@LOCALHOST:~# BACKDOOR-FACTORY (AUTHOR: JOSHUA PITTS, EMAIL: THE.MIDNITE.RUNR[A T]GMAIL<D O T>COM, TWITTER: @MIDNITE_RUNR)

  17. MEMORY PERSISTENCE: INSTALL A WINDOWS SERVICE; CRON; LAUNCHD; DLL REDIRECTION

  18. MEMORY PERSISTENCE: C:\Users\<user name>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup; C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup; .bashrc ...; init.d modification; USB / CDROM autorun; network connection auto run (Little Snitch, Microsoft GPO poisoning)
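A defender-side audit of the autostart locations and preload variables named on slides 14, 17 and 18, added here as an example and not part of the talk. It assumes platform.system() names for the OS branch, builds the Windows paths from the APPDATA and PROGRAMDATA variables, and uses a snapshot dict of my own design (file path -> text, directory -> entry names) so the same check runs on a live host or on a captured copy of one.

```python
import os
from pathlib import Path

PRELOAD_VARS = ("LD_PRELOAD", "DYLD_INSERT_LIBRARIES")  # slide 14: loads a library into every new process

def autostart_locations(system, env):
    """(path, is_dir) pairs from slides 17 and 18, keyed by platform.system() names."""
    home = env.get("HOME", "")
    if system == "Windows":  # forward slashes are accepted by os.path on Windows
        tail = "/Microsoft/Windows/Start Menu/Programs/Startup"
        return [(env.get("APPDATA", "") + tail, True), (env.get("PROGRAMDATA", "") + tail, True)]
    if system == "Darwin":
        return [(home + "/Library/LaunchAgents", True), ("/Library/LaunchAgents", True),
                ("/Library/LaunchDaemons", True)]
    return [(home + "/.bashrc", False), ("/etc/ld.so.preload", False),
            ("/etc/init.d", True), ("/etc/cron.d", True), ("/var/spool/cron", True)]

def take_snapshot(system, env):
    """Read the live host into the form audit() consumes: file -> text, dir -> entry names."""
    snap = {}
    for path, is_dir in autostart_locations(system, env):
        if not os.path.exists(path):
            continue
        try:
            snap[path] = sorted(os.listdir(path)) if is_dir else Path(path).read_text(errors="replace")
        except PermissionError:  # e.g. /var/spool/cron without root: still report the location
            snap[path] = ["<unreadable>"] if is_dir else ""
    return snap

def audit(system, env, snapshot):
    """One string per indicator: preload env vars first, then autostart entries in location order."""
    findings = [f"env:{v}={env[v]}" for v in PRELOAD_VARS if env.get(v)]
    for path, is_dir in autostart_locations(system, env):
        if path not in snapshot:
            continue
        if is_dir:
            findings.extend(f"autostart:{path}/{name}" for name in snapshot[path])
            continue
        for line in snapshot[path].splitlines():
            # ld.so.preload lists libraries outright; a shell rc file may export LD_PRELOAD itself
            if line.strip() and (path.endswith("ld.so.preload") or "LD_PRELOAD" in line):
                findings.append(f"file:{path}:{line.strip()}")
    return findings

def constructed_example():
    """Constructed Linux snapshot (not a real host) so the audit can be exercised offline."""
    env = {"HOME": "/home/alice", "LD_PRELOAD": "/tmp/libhook.so"}
    snap = {"/home/alice/.bashrc": "alias ll='ls -l'\nexport LD_PRELOAD=/tmp/libhook.so\n",
            "/etc/ld.so.preload": "/tmp/libhook.so\n", "/etc/cron.d": ["sysstat", "updater"]}
    return env, snap
```

To run it against the machine you are on, call audit(platform.system(), dict(os.environ), take_snapshot(platform.system(), dict(os.environ))); every autostart entry is listed, so the output is a review list for a human, not a verdict.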

  19. MEMORY PERSISTENCE

  20. DATA MINING

  21. DATA MINING

  22. DATA MINING

  23. DATA MINING

  24. DATA MINING

  25. DATA MINING: SSH, VPN, SSL, VNC, RDP, DOMAIN, etc. keys / certs; key logger data; password databases; packet captures; GPG, in-memory key tokens; WhatsApp, Signal, Tor, S/MIME; biometric scanners; etc...

  26. DATA PROCESSING

  27. DATA PROCESSING

  28. DATA PROCESSING

  29. DATA PROCESSING

  30. DATA PROCESSING

  31. DATA PROCESSING: ELASTICSEARCH

  32. DATA PROCESSING: STRINGS, SED, AWK, GREP, CUT, HEXDUMP, FILE, ETC...

  33. CONCLUSION: YOUR TARGETS ARE HUMANS, SO STUDY HUMANS. DON'T RE-INVENT THE WHEEL. PRACTICE, PRACTICE, PRACTICE. MULTIPLAYER IS ALWAYS BETTER.
