Monday, June 11, 2007

Ephemeral: adj. lasting for only a short period.

Mosref (MOsquito Remote Execution Framework) is what Metasploit's Meterpreter really wants to be. On paper it is a platform-agnostic virtual machine and Lisp interpreter, with strong encryption layered over multiple communication channels. In reality, I could never get it to compile, and judging by the conversation on the mosref mailing list, neither could many other people. Even if I had, I would have had to learn the Mosquito dialect of Lisp before it could be of any use to me.

After Wes Brown and Scott Dunlop's talk about it at Defcon 14, I really wanted to see Mosquito succeed. Unfortunately, it never saw any updates after that talk (according to SourceForge, the last developer CVS transaction was the initial commit), and the mailing list contained almost no discussion of development. This afternoon I visited ephemeralsecurity.com only to discover that the domain is now parked by an advertiser and that whois lists the owner as "Domain Discreet". I was disappointed to learn this, but not surprised.

Oh, well. If you want a platform-independent in-memory rootkit, you'll just have to write it yourself.

3 comments:

Unknown said...
This comment has been removed by the author.
Unknown said...

Off topic: I have some great news to tell you, but I need a good email address. I got the call from the NSA guy the other week; that went really well.

[EDIT]
You can email me at pbrian@nmt.edu or admiral.grinder@gmail.com

swdunlop said...

A couple quick updates:

EphSec is on hold for the indefinite future; Wes Brown packed it up and put it away when he went to work for Matasano. I'll leave any further details to Wes; EphSec was his company and I want to respect that. I will let him know you guys are thinking of him, and maybe he'll stop by and answer questions.

I am guilty of a common sin among researchers; I explored the idea, MOSREF, implemented enough of it to prove it practicable, then wandered off in search of the next interesting thing. The code is LGPL, it is up there on SourceForge, and anyone who wants to grab the ball and run with it has my blessing and, if wanted, plenty of advice on how to make improvements.

The Mosquito Virtual Machine was forked after DefCon 14 into the Wasp Virtual Machine. It is in a very protean state right now; I have made a lot of changes as I explore what does and doesn't work for me. Give me a few months, maybe a year, and we may have a Lisp dialect that provides an interesting balance between utility, efficiency and elegance. (That, or the next Intercal.)

In short: I'm not dead yet, I'm just too busy to self-promote. :)

-- Scott Dunlop.