So, I am currently working on a piece of malware for Linux, consisting of 3 binaries: an initial payload (pre-priv esc), a post-priv esc payload, and a ring 0 rootkit that helps the second stage.
Right now I have implemented the comms via a custom protocol over TCP, encrypted via TLS, but I am contemplating switching over to HTTP if I find enough advantages.
The malware is designed to stay in a system; it's very hard to detect and nigh impossible to remove (even I, its creator, had a very hard time removing it from a test environment).
So, which is better for stealth, HTTPS or TCP, and what advantages would either of them offer? I wouldn't be asking this here if I had found an answer on Google, and I think it's quite obvious why I won't ask ChatGPT.
For anyone wondering, the malware is named Gorgon, the first stage is named Stheno, the second is named Euryale, the rootkit is named Medusa, and the C2 is Ceto.
Thanks in advance.
from hacking: security in practice https://ift.tt/pzKIX3h