| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 20 Apr 2010 11:54:05 -0400 From: T Biehn <tbiehn@...il.com> To: Erez Metula <erezmetula@...sec.co.il> Cc: dailydave@...ts.immunitysec.com, full-disclosure@...ts.grok.org.uk, pen-test@...urityfocus.com, bugtraq@...urityfocus.com, websecurity@...appsec.org Subject: Re: [Tool] ReFrameworker 1.1 Awesome. A+ ruin. 2010/4/19 Erez Metula <erezmetula@...sec.co.il>: > Hi all, > I'm happy to announce about a new version of ReFrameworker V1.1 ! > > ReFrameworker is a general purpose Framework modifier, used to reconstruct > framework Runtimes by creating modified versions from the original > implementation that was provided by the framework vendor. ReFrameworker > performs the required steps of runtime manipulation by tampering with the > binaries containing the framework's classes, in order to produce modified > binaries that can replace the original ones. > It was developed to experiment with and demonstrate deployment of MCR > (Managed Code Rootkits) code into a given framework. MCR is a special type > of malicious code that is deployed inside an application level virtual > machine such as those employed in managed code environment frameworks – > Java, .NET, Dalvik, Python, etc.. > Having the full control of the managed code VM allows the MCR to lie to the > upper level application running on top of it, and manipulate the application > behavior to perform tasks not indented originally by the software developer. > ReFrameworker was demonstrated (in his former incarnation as ".NET-Sploit") > at BlackHat, Defcon, RSA, OWASP and other places. The new version will be > demonstrated this week at SOURCE Boston conference, for the first time. > More information on ReFrameworker and MCR will be available with the soon to > be published book "Managed Code Rootkits", by Syngress publishing. > > Among its features: > - Performs all the required steps needed for modifying framework binaries > (disassemble, code injection, reassemble, precompiled images cleaning, etc.) > - Fast development and deployment of a modified behavior into a given > framework > - Auto generated deployers > - Modules: a separation between general purpose "building blocks" that can > be injected into any given binary, allowing the users to create small pieces > of code that can be later combined to form a specific injection task. > - Can be easily adapted to support multiple frameworks by minimal > configuration (currently comes preconfigured for the .NET framework) > - Comes with many "preconfigured" proof-of-concept attacks (implemented as > modules) that demonstrate its usage that can be easily extended to perform > many other things. > > ReFrameworker, as a general purpose framework modification tool, can be used > in other contexts besides security such as customizing frameworks for > performance tuning, Runtime tweaking, virtual patching, hardening, and > probably other usages - It all depends on what it is instructed to do. > > It can be downloaded from here: > http://www.appsec.co.il/Managed_Code_Rootkits > > ----------- > Erez Metula > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -- FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on http://pastebin.com/f6fd606da _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists