[Dailydave] Whitepaper: Implementing and Detecting a PCI Rootkit
Chris Wysopal
weld at vulnwatch.org
Thu Nov 16 20:30:01 Local tim 2006
On Thu, 16 Nov 2006, Dave Aitel wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> That's really cool. One thing Immunity has been investigating is
> selling a literal hardware PCI card that you can install into
> someone's machine which then infects their system and injects a
> callback shellcode. That way if you break into someone's office, you
> can throw these PCI cards into a few desktops and then leave, and
> you'll get MOSDEF shells at home every day! Nothing to analyze on disk
> either. :>
This is kind of the opposite of the Tribble project that was started at
@stake. The idea of Tribble is a PCI card for hardware based forensics.
http://www.grandideastudio.com/portfolio/index.php?id=1&prod=14
-Chris
More information about the Dailydave
mailing list