Monday, June 11, 2007

Ephemeral: adj. lasting for only a short period.

Mosref (MOsquito Remote Execution Framework) is what Metasploit's Meterpreter really wants to be. It is (on paper) a platform-agnostic virtual machine and Lisp interpreter with strong encryption on top of multiple communication channels. In reality, I could never get it to compile; nor could many other people based on the conversation in the mosref mailing list. And even if I could have, I would have had to learn the Mosquito dialect of Lisp for it to be any kind of useful.

After Wes Brown's and Scott Dunlop's talk about it at Defcon 14, I really wanted to see Mosquito succeed. Unfortunately, it never had any updates after that talk (the last developer cvs transaction according to source forge was the initial commit). The mailing list contained almost no discussion of development. This afternoon I visited only to discover that the domain is now parked by an advertiser and whois lists the owner as "Domain Discreet". I was disappointed to learn this but not surprised.

Oh, well. If you want a platform-independent in-memory rootkit, you'll just have to write it yourself.