[Dailydave] Whitepaper: Implementing and Detecting a PCI Rootkit
Dave Korn
dave.korn at artimi.com
Thu Nov 16 19:10:42 Local tim 2006
On 16 November 2006 18:25, Dave Aitel wrote:
> That's really cool. One thing Immunity has been investigating is
> selling a literal hardware PCI card that you can install into
> someone's machine which then infects their system and injects a
> callback shellcode.

Does this really have a lot of advantages over just plugging a U3 drive into
a less-frequently used USB port round the back of the machine somewhere?

> That way if you break into someone's office, you
> can throw these PCI cards into a few desktops and then leave, and
> you'll get MOSDEF shells at home every day! Nothing to analyze on disk
> either. :>

Wow, no forensics... except of course for your fingerprints and DNA all over
the *physical* evidence you left at the scene of crime. Not really sure
you're better off that way, I'd rather leave digits behind than anything else.

cheers,
DaveK
--
Can't think of a witty .sigline today....