ReFrameworker is a general purpose Framework modifier, used to reconstruct framework Runtimes by creating modified versions from the original implementation that was provided by the framework vendor. ReFrameworker performs the required steps of runtime manipulation by tampering with the binaries containing the framework's classes, in order to produce modified binaries that can replace the original ones. This tarball includes both the binary and source code releases.
0150edfe2da9666ab255444c54509fb5f54575c6e51ee5e18f42df461e8bee05This whitepaper, .NET Framework rootkits - backdoors inside your framework, covers various ways to develop rootkits for the .NET framework, so that every EXE/DLL that runs on a modified Framework will behave differently than what it is supposed to do. Code reviews will not detect backdoors installed inside the Framework since the payload is not in the code itself, but rather it is inside the Framework implementation. Writing Framework rootkits will enable the attacker to install a reverse shell inside the framework, to steal valuable information, to fixate encryption keys, disable security checks and to perform other nasty things as described in this paper.
fe69d68e467a449463286910210e3ad0f8fe2ca3f1b34554ba9d9c33e2b62793.NET Framework Rootkits - This whitepaper covers various ways to develop rootkits for the .NET framework, so that every EXE/DLL that runs on a modified Framework will behave differently than what it's supposed to do. Code reviews will not detect backdoors installed inside the Framework since the payload is not in the code itself, but rather it is inside the Framework implementation. Writing Framework rootkits will enable the attacker to install a reverse shell inside the framework, to steal valuable information, to fixate encryption keys, disable security checks and to perform other nasty things as described in this paper.
f76d7dd718394137cdbc9cb275f43a192178ffb10a850e0e77481a838c67ea51.NET-Sploit is a new tool for building MSIL rootkits that will enable the user to inject preloaded/custom payloads to the Framework core DLL.
5776c1769e93b6c84140aa59330ab249d6529d492a81f74654dbb0a444b97a81The Commtouch Anti-Spam Enterprise Gateway solution suffers from a reflected cross site scripting vulnerability.
bdbfea324685faa2d4eff00b9602070091c72fb3f1dcf2c39200358db6658642MIMESweeper For Web version 5.x suffers from a cross site scripting flaw.
e9e0cb9cd745a51c4a7fc4d3dbf8c415305da5f7817956e0380f01bd97b1c08e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed