Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Dailydave] Whitepaper: Implementing and Detecting a PCI Rootkit
From: Peter Winter-Smith (peterngssoftware.com)
Date: Thu Nov 16 2006 - 15:08:21 CST
Hey Dave(s) (and list)!
I think one of the points that John was considering in his paper was the
possibility that a remote attack of some nature could actively install one
of these which would then persist through re-installs of the operatings
system, rather than solely the physical access vector (under the
'Re-flashing a PCI Expansion ROM' section)!
----- Original Message -----
From: "Dave Korn" <dave.kornartimi.com>
To: "'Dave Aitel'" <daveimmunityinc.com>; <dailydavelists.immunitysec.com>
Sent: Thursday, November 16, 2006 7:10 PM
Subject: Re: [Dailydave] Whitepaper: Implementing and Detecting a PCI
> On 16 November 2006 18:25, Dave Aitel wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> That's really cool. One thing Immunity has been investigating is
>> selling a literal hardware PCI card that you can install into
>> someone's machine which then infects their system and injects a
>> callback shellcode.
> Does this really have a lot of advantages over just plugging a U3 drive
> a less-frequently used usb port round the back of the machine somewhere?
>> That way if you break into someone's office, you
>> can throw these PCI cards into a few desktops and then leave, and
>> you'll get MOSDEF shells at home every day! Nothing to analyze on disk
>> either. :>
> Wow, no forensics... except of course for your fingerprints and DNA all
> the *physical* evidence you left at the scene of crime. Not really sure
> you're better off that way, I'd rather leave digits behind than anything
> Can't think of a witty .sigline today....
> Dailydave mailing list
Dailydave mailing list