[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <j2k2d6724811004200854u68085649qc1a58d4f48cf0337@mail.gmail.com>
Date: Tue, 20 Apr 2010 11:54:05 -0400
From: T Biehn <tbiehn@...il.com>
To: Erez Metula <erezmetula@...sec.co.il>
Cc: dailydave@...ts.immunitysec.com, full-disclosure@...ts.grok.org.uk,
pen-test@...urityfocus.com, bugtraq@...urityfocus.com,
websecurity@...appsec.org
Subject: Re: [Tool] ReFrameworker 1.1
Awesome. A+ ruin.
2010/4/19 Erez Metula <erezmetula@...sec.co.il>:
> Hi all,
> I'm happy to announce about a new version of ReFrameworker V1.1 !
>
> ReFrameworker is a general purpose Framework modifier, used to reconstruct
> framework Runtimes by creating modified versions from the original
> implementation that was provided by the framework vendor. ReFrameworker
> performs the required steps of runtime manipulation by tampering with the
> binaries containing the framework's classes, in order to produce modified
> binaries that can replace the original ones.
> It was developed to experiment with and demonstrate deployment of MCR
> (Managed Code Rootkits) code into a given framework. MCR is a special type
> of malicious code that is deployed inside an application level virtual
> machine such as those employed in managed code environment frameworks –
> Java, .NET, Dalvik, Python, etc..
> Having the full control of the managed code VM allows the MCR to lie to the
> upper level application running on top of it, and manipulate the application
> behavior to perform tasks not indented originally by the software developer.
> ReFrameworker was demonstrated (in his former incarnation as ".NET-Sploit")
> at BlackHat, Defcon, RSA, OWASP and other places. The new version will be
> demonstrated this week at SOURCE Boston conference, for the first time.
> More information on ReFrameworker and MCR will be available with the soon to
> be published book "Managed Code Rootkits", by Syngress publishing.
>
> Among its features:
> - Performs all the required steps needed for modifying framework binaries
> (disassemble, code injection, reassemble, precompiled images cleaning, etc.)
> - Fast development and deployment of a modified behavior into a given
> framework
> - Auto generated deployers
> - Modules: a separation between general purpose "building blocks" that can
> be injected into any given binary, allowing the users to create small pieces
> of code that can be later combined to form a specific injection task.
> - Can be easily adapted to support multiple frameworks by minimal
> configuration (currently comes preconfigured for the .NET framework)
> - Comes with many "preconfigured" proof-of-concept attacks (implemented as
> modules) that demonstrate its usage that can be easily extended to perform
> many other things.
>
> ReFrameworker, as a general purpose framework modification tool, can be used
> in other contexts besides security such as customizing frameworks for
> performance tuning, Runtime tweaking, virtual patching, hardening, and
> probably other usages - It all depends on what it is instructed to do.
>
> It can be downloaded from here:
> http://www.appsec.co.il/Managed_Code_Rootkits
>
> -----------
> Erez Metula
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
--
FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists