Re: [Dailydave] Whitepaper: Implementing and Detecting a PCI Rootkit
From: Peter Winter-Smith (peter ngssoftware.com)
Date: Thu Nov 16 2006 - 15:08:21 CST
Hey Dave(s) (and list)!
I think one of the points that John was considering in his paper was the
possibility that a remote attack of some nature could actively install one
of these which would then persist through re-installs of the operating
system, rather than solely the physical access vector (under the
'Re-flashing a PCI Expansion ROM' section)!
Very cool!
-Peter
----- Original Message -----
From: "Dave Korn" <dave.korn artimi.com>
To: "'Dave Aitel'" <dave immunityinc.com>; <dailydave lists.immunitysec.com>
Sent: Thursday, November 16, 2006 7:10 PM
Subject: Re: [Dailydave] Whitepaper: Implementing and Detecting a PCI Rootkit
> On 16 November 2006 18:25, Dave Aitel wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> That's really cool. One thing Immunity has been investigating is
>> selling a literal hardware PCI card that you can install into
>> someone's machine which then infects their system and injects a
>> callback shellcode.
>
> Does this really have a lot of advantages over just plugging a U3 drive into
> a less-frequently used USB port round the back of the machine somewhere?
>
>> That way if you break into someone's office, you
>> can throw these PCI cards into a few desktops and then leave, and
>> you'll get MOSDEF shells at home every day! Nothing to analyze on disk
>> either. :>
>
> Wow, no forensics... except of course for your fingerprints and DNA all over
> the *physical* evidence you left at the scene of crime. Not really sure
> you're better off that way, I'd rather leave digits behind than anything
> else.
>
>
> cheers,
> DaveK
> --
> Can't think of a witty .sigline today....
>
> _______________________________________________
> Dailydave mailing list
> Dailydave lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>