hi Dave, long time fan. first time feedbacker, well: On 9/19/14, Dave Aitel <dave@immunityinc.com> wrote:
... Everyone is sick of the Kaspersky guys doing three hundred page PDFs with a long listing of which versions of some trojan they found were installed when, and what features each trojan had, and what possible code reuse there was. And of course, if there's an 0day in some random trojan, everyone likes to rip that out and spend years pontificating about it.
no doubt. i prefer my salty rants Aitel stylez! all of us in the game have lineage to a tee... but i digress,
But even if I'm not using 0day, I often want to protect my escalation of privilege attacks from the defenders. I don't want them able to track my code versions, and I don't want them knowing the details of my exploitation methods so they can add more features to EMET or KAV.
yeah, fuck those guys trying to make my shit fuck them less!
That's why INNUENDO allows you to put a password in that protects as much of your implant deployment package as possible.
i asked a friend, Volatility, and they said "please to re state in terms of cryptographic digest for code version and instruction sequence in terms of exploitation method." because every consideration they pose evaluates to a "as much as possible" equivalent to zero. there was agreement from VM recording and bus lane recording, as well. best regards,