Saturday, May 23, 2009

A protocol of protocols. Hiding yourself in the noise...

Alright, so I have been involved in a lot of remoting++ (WCF Net.Tcp stack). I have also done a bit of rootkit development, along with a taste of NIPDS/SIPDS evasion study. The result was the bastard child of a rootkit and [pick your agency] having a god-like baby: using protocols as a systematic, pre-referenced, structured table with return types. Create 8 endpoints and assign them to bits 0 - 7. Have them all report to a super-structure that responds to each received event from each of the hosts. Take their key value from the collection and generate a byte. Use that byte to index a collection and fetch the entry at that key. Execute the delegate at that location (key = byte, value = delegate (C#) or function pointer (C)). The return type would be anticipated by a shared command table (SCT), bootstrap-generated on build for that target. Instant, unstoppable, undetectable rootkit - or bullshit? And why?
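
The "or bullshit? And why?" part is the interesting question, so here is an added example (mine, not code from the post) that models the scheme from the defender's side rather than the rootkit's. It builds a constructed telemetry log in which eight peer hosts (`ep0`..`ep7`, each owning one bit position, an assumed mapping) report to one `collector`, then runs a simple fan-in analysis over it. The point it makes: the byte-assembly step the post describes is itself the signature. A collector that repeatedly receives a tight burst from a fixed set of at most eight peers is easy to single out, and once the peer set is known the command byte is reconstructable from which peers fired. Hostnames, timestamps, the bit mapping and the thresholds are all constructed for illustration.

```python
"""Defender's-eye model of the "8 endpoints -> one byte -> dispatch table" idea.

Added example, not from the original post.  It constructs a small event log,
groups inbound events per destination into bursts, and scores each destination
on whether its inbound traffic looks like a bit-collector: a stable set of at
most eight peers that fire together in sub-second windows.  It also rebuilds
the byte the collector would dispatch on, showing the channel is readable once
the structure is recognised.
"""

# --- constructed sample telemetry ------------------------------------------
# Fields: timestamp (seconds), source host, destination host.
# In each burst the peers carrying a 1-bit report to the collector within
# ~100 ms; peers carrying a 0-bit stay silent.  The mailhost lines are noise.
CONSTRUCTED_LOG = """
10.00 ep0 collector
10.02 ep1 collector
10.05 ep4 collector
10.07 ep7 collector
11.00 www-proxy mailhost
20.00 ep2 collector
20.01 ep5 collector
20.03 ep6 collector
20.10 ep7 collector
21.50 ep0 mailhost
30.00 ep0 collector
30.01 ep1 collector
30.02 ep2 collector
30.03 ep3 collector
30.04 ep4 collector
30.05 ep5 collector
30.06 ep6 collector
30.07 ep7 collector
"""

# Assumed bit assignment (the post's "bit 0 - 7").  A defender would not know
# it up front; in practice it is inferred from the stable peer set once the
# collector has been flagged.
ENDPOINT_BIT = {f"ep{i}": i for i in range(8)}


def parse_log(text):
    """Parse the constructed log into sorted (ts, src, dst) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, src, dst = line.split()
        events.append((float(ts), src, dst))
    return sorted(events)


def burst_windows(events, dst, gap=0.5):
    """Group inbound events to `dst` into bursts separated by more than `gap` s."""
    bursts, current, last = [], [], None
    for ts, src, d in events:
        if d != dst:
            continue
        if last is not None and ts - last > gap:
            bursts.append(current)
            current = []
        current.append((ts, src))
        last = ts
    if current:
        bursts.append(current)
    return bursts


def bits_to_byte(sources):
    """Reconstruct the command byte the collector would dispatch on."""
    return sum(1 << ENDPOINT_BIT[s] for s in sources if s in ENDPOINT_BIT)


def analyse(events, dst, max_peers=8, max_span=0.2):
    """Score `dst` as a bit-collector and recover the bytes it would have seen.

    Heuristic (constructed thresholds): at least two bursts, every burst
    drawn from a peer set of size <= max_peers, each burst having >= 2
    senders and spanning < max_span seconds.
    """
    bursts = burst_windows(events, dst)
    peer_set = set()
    for b in bursts:
        peer_set |= {src for _, src in b}
    spans = [b[-1][0] - b[0][0] for b in bursts]
    senders = [len({src for _, src in b}) for b in bursts]
    suspicious = (
        len(bursts) >= 2
        and len(peer_set) <= max_peers
        and all(n >= 2 for n in senders)
        and all(s < max_span for s in spans)
    )
    return {
        "bursts": len(bursts),
        "distinct_peers": len(peer_set),
        "bytes": [bits_to_byte({src for _, src in b}) for b in bursts],
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    evs = parse_log(CONSTRUCTED_LOG)
    for host in ("collector", "mailhost"):
        print(host, analyse(evs, host))
```

Run as-is it flags `collector` (three bursts, eight distinct peers, recovered bytes 147, 228 and 255) and clears `mailhost`. The thresholds are deliberately crude; the design choice worth noting is that the detector keys on the structure the scheme cannot avoid (fixed fan-in, lockstep timing) rather than on any payload byte, which is exactly the property that makes "hide in the noise" hard when the noise has to be generated by eight cooperating hosts.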
