Toorcon Decompression and Tool Releases
Alan Bradley (AlanBradley) <abradleyfastmailfm> Thursday, October 5 2006 04:55.03 CDT


I just recently gave a talk at Toorcon 8 on a couple of tools recently posted to OpenRCE. ADHD is a kernel driver that obscures some of the ways a debugger can be detected in userland. Tron is a kernel driver that you can load into a WinXP system in order to create hidden views of arbitrary userland memory. CLU is an IDA plugin that works with Tron to allow you to set invisible software breakpoints. Finally, DrvrLdr.Tron is a command-line driver loader that can be used to load and unload Tron, ADHD and other kernel drivers.

However, the catch was that this was no ordinary talk. Driven by DMCA concerns, and also a desire to do an interesting "proof of concept" on anonymity, the entire talk was given anonymously using Ventrilo, VNC, a voice disguiser, Tor, and EVDO.

We had concerns over the feasibility of getting the whole thing to run over EVDO. However, it turns out that EVDO *did* work, which means it should be possible to give this type of talk anywhere. Hey, maybe I can even go on a virtual world tour. That might be nice. Maybe we can drum up some press attention.

Anyways, hopefully you enjoy these tools! I should be doing an article on some use cases of them in the coming weeks.
