TripleCross

mirror of https://github.com/h3xduck/TripleCross.git synced 2025-12-16 23:33:06 +08:00

Author	SHA1	Message	Date
h3xduck	d4a881540f	Continued with memory corruption study	2022-06-04 08:55:45 -04:00
h3xduck	d184893426	Finished tracing programs part	2022-06-03 21:47:00 -04:00
h3xduck	8bc376e734	Continued with offensive tracing capabilities	2022-06-02 21:07:42 -04:00
h3xduck	2c3648a18a	Continued with offensive capabilities, incorporated security features and started with tracing program features	2022-06-02 19:00:10 -04:00
h3xduck	5d5aafb46d	Finished SotA	2022-05-28 09:23:41 -04:00
h3xduck	62e8e68dd5	Almost finished with SotA section. libbpf remains too get llvm and some functionality explained.	2022-05-27 20:56:36 -04:00
h3xduck	74e8163791	Continued with eBPF program types	2022-05-26 21:47:28 -04:00
h3xduck	47be741f04	Finished core eBPF section	2022-05-26 15:21:00 -04:00
h3xduck	079601ec22	Completed ebpf verifier	2022-05-26 08:39:45 -04:00
h3xduck	a99c3e0f7d	Continued with architecture, finished JIT, remodelled the second section of sSOTA	2022-05-25 22:00:28 -04:00
h3xduck	706198f95b	Elaborated on ebpf architecture. Incoming explanation of JIT compiling	2022-05-24 20:53:00 -04:00
h3xduck	820c9f9401	Fixed some diagrams	2022-05-23 08:47:39 -04:00
h3xduck	a27543a7a6	Completed bpf in the history section	2022-05-23 07:08:46 -04:00
h3xduck	c29a99e03f	ALmost completed cbpf explantion	2022-05-23 06:17:21 -04:00
h3xduck	23d6bbd3ed	Continued with classic bpf explanations	2022-05-22 19:57:47 -04:00
h3xduck	cdaed83d1a	Continued with ebpf history	2022-05-22 10:04:16 -04:00
h3xduck	3ec9175053	Continued with the state of the art section	2022-05-22 08:19:32 -04:00
h3xduck	d161a29020	Included some comments on next work	2022-05-21 20:56:00 -04:00
h3xduck	3f2b426c98	Completed the objectives section. Skipping the rest of the chapter	2022-05-21 19:43:51 -04:00
h3xduck	61d141bbb6	Went on with the objectives section	2022-05-21 16:56:05 -04:00
h3xduck	b1933069ae	Completed motivation	2022-05-20 22:58:33 -04:00
h3xduck	2065c2e131	Added partial motivation section	2022-05-20 21:20:24 -04:00
h3xduck	3e697dd4cf	Fixed a bug where tcpport mode in the multi-packet backdoor did not work if a previous trigger using seqnum mode was made	2022-05-18 12:45:35 -04:00
h3xduck	104f4c0355	Added obfuscation for the persistance access using cron	2022-05-16 17:34:21 -04:00
h3xduck	ccd518287a	Added new deployer for preparing final files, messed up with the phantom shell, sometimes gives errors, but I don't think we can do much, the shared maps together with multi-hooks on network has some unexpected behaviours	2022-05-16 16:33:12 -04:00
h3xduck	757a480de9	Completed work on deployer, previous to cron persistence	2022-05-16 12:52:25 -04:00
h3xduck	82fa056955	Added hide directory capabilities for the rootkit	2022-05-16 11:24:59 -04:00
h3xduck	4044d7994c	Added sys_openat for the injection module, fully working!	2022-05-16 08:02:38 -04:00
h3xduck	abc501d4be	Merge branch 'develop'	2022-05-15 20:49:09 -04:00
h3xduck	78b3132687	Updated some files for eveything to work now that it is all together. Execve hijacker and clients in particular	2022-05-15 20:47:58 -04:00
h3xduck	4a292f0f7a	Merged master and develop, now all changes together. Fully tested and working.	2022-05-15 20:46:35 -04:00
h3xduck	57f3edd8fa	Fixed bug in client getting local ip	2022-05-15 19:09:04 -04:00
h3xduck	6e76e1ed1a	Solved an error in client ip config	2022-05-15 18:08:14 -04:00
h3xduck	ce3b267d01	Fixed phantom shell, added ips for all types of backdoor triggers so that we can use different interfaces	2022-05-15 16:45:47 -04:00
h3xduck	e6cbe7c24a	Updated client to work with multiple network interfaces	2022-05-15 15:15:43 -04:00
h3xduck	d509f20974	Completed command passing for phantom shell	2022-05-15 14:44:16 -04:00
h3xduck	ad4f9b2504	Completed phantom shell protocol, added new checksum correctors	2022-05-11 20:27:52 -04:00
h3xduck	28ed530aea	Completed the TC Hook and payload enlargment and substitution mechanisms. Only the packet recognition on the client side remains to work	2022-05-11 17:31:38 -04:00
h3xduck	567d8d706c	Further completed the phantom shell routine and added more checks in TC, still not finished, payload rewriting remains, but the rest is fully ready	2022-05-10 23:04:19 -04:00
h3xduck	f2c3624e8b	Added test on tc clasiffier, added pinned maps, and obtaining the fd from other maps in order to synchronize between programs	2022-05-10 19:09:52 -04:00
h3xduck	4211d0b5d5	Updated all components with phantom shell	2022-05-09 22:06:29 -04:00
h3xduck	5320f35d01	Added new hidden payload stream mode, now triggered using the source port. Fully integrated already, can select between that and seqnum in client. Both launch live encrypted shell via v3 backdoor	2022-05-09 20:16:13 -04:00
h3xduck	ff0f34c6a4	Included new library version with support for tcp src port paylaod injection	2022-05-09 18:57:23 -04:00
h3xduck	ff2868846f	Fixed a big bug in previous client terminals, also made the new multi-triggered backdoor to work completely and connect to encrypted session	2022-05-09 17:48:02 -04:00
h3xduck	073e1d3129	Completed new backdoor packet stream parsing for V3 backdoor using hidden payloads in TCP and IP header positions	2022-05-09 16:36:39 -04:00
h3xduck	ba19537ec1	Added new packet stream payload mode in client for V3 backdoor	2022-05-07 20:45:02 -04:00
h3xduck	5746ac5efb	Added new hidden packets, commands and rest of structure to activate and deactivate hooks from the backdoor	2022-05-07 19:16:33 -04:00
h3xduck	ce7d36371d	Finished encrypted interactive shell and encrypted protocol implementation, V2 rootkit now fully functional	2022-05-07 17:55:27 -04:00
h3xduck	f6a4c1daa0	Finished execve hijacking, added new last checks and discovered why sometimes it fails. New detached process at the userspace. Other fixes	2022-05-07 10:36:46 -04:00
h3xduck	cceca23478	Completed message sharing, starting with protocol now	2022-05-05 22:14:28 -04:00

1 2 3 4

193 Commits