EmpireProject / Empire

Empire is a PowerShell and Python post-exploitation agent.
http://www.powershellempire.com/
BSD 3-Clause "New" or "Revised" License
7.4k stars 2.81k forks

[feature request] .so stager for linux #434

Closed thesle3p closed 7 years ago

thesle3p commented 7 years ago

It would be incredibly useful when deploying bootkits/rootkits if a .so stager was available for the Linux/Python payload. Would it be possible to create one?

killswitch-GUI commented 7 years ago

Could you give some more details on how this would look to facilitate .so to work with rootkits? Deployment method, etc.?

thesle3p commented 7 years ago

Some rootkits (EvilAbigail) take payloads in .so format, which is easy to do with Metasploit, but it would be nice to do the same thing with Empire.

On 01/16/2017 10:35 AM, Alexander Rymdeko-Harvey wrote:

Could you give some more details on how this would look to facilitate .so to work with rootkits? Deployment method, etc.?


killswitch-GUI commented 7 years ago

@thesle3p I will see what the guys think. You're looking for a Shared Object that is injectable? Never played with that tool set, let me do some research on this.

thesle3p commented 7 years ago

Not needed, figured out a way to get it to work, just had to modify the makefile.

On Feb 1, 2017 9:27 AM, "Alexander Rymdeko-Harvey" notifications@github.com wrote:

@thesle3p https://github.com/thesle3p I will see what the guys think. You're looking for a Shared Object that is injectable? Never played with that tool set, let me do some research on this.
