Awesome. A+ ruin.

2010/4/19 Erez Metula <erezmet...@appsec.co.il>:
> Hi all,
> I'm happy to announce a new version of ReFrameworker V1.1!
>
> ReFrameworker is a general purpose Framework modifier, used to reconstruct
> framework Runtimes by creating modified versions from the original
> implementation that was provided by the framework vendor. ReFrameworker
> performs the required steps of runtime manipulation by tampering with the
> binaries containing the framework's classes, in order to produce modified
> binaries that can replace the original ones.
> It was developed to experiment with and demonstrate deployment of MCR
> (Managed Code Rootkits) code into a given framework. MCR is a special type
> of malicious code that is deployed inside an application level virtual
> machine such as those employed in managed code environment frameworks –
> Java, .NET, Dalvik, Python, etc.
> Having the full control of the managed code VM allows the MCR to lie to the
> upper level application running on top of it, and manipulate the application
> behavior to perform tasks not intended originally by the software developer.
> ReFrameworker was demonstrated (in its former incarnation as ".NET-Sploit")
> at BlackHat, Defcon, RSA, OWASP and other places. The new version will be
> demonstrated this week at SOURCE Boston conference, for the first time.
> More information on ReFrameworker and MCR will be available with the soon to
> be published book "Managed Code Rootkits", by Syngress publishing.
>
> Among its features:
> - Performs all the required steps needed for modifying framework binaries
> (disassemble, code injection, reassemble, precompiled images cleaning, etc.)
> - Fast development and deployment of a modified behavior into a given
> framework
> - Auto generated deployers
> - Modules: a separation between general purpose "building blocks" that can
> be injected into any given binary, allowing the users to create small pieces
> of code that can be later combined to form a specific injection task.
> - Can be easily adapted to support multiple frameworks by minimal
> configuration (currently comes preconfigured for the .NET framework)
> - Comes with many "preconfigured" proof-of-concept attacks (implemented as
> modules) that demonstrate its usage that can be easily extended to perform
> many other things.
>
> ReFrameworker, as a general purpose framework modification tool, can be used
> in other contexts besides security such as customizing frameworks for
> performance tuning, Runtime tweaking, virtual patching, hardening, and
> probably other usages - It all depends on what it is instructed to do.
>
> It can be downloaded from here:
> http://www.appsec.co.il/Managed_Code_Rootkits
>
> -----------
> Erez Metula
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

--
FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da