OSCP: Forensics and Pentesting combined: Dark mad sience.


While sitting on the lab I while helping a friend with some forensics, I had a bad idea. I mean serious troubling.

First off lets start with EVE ONLINE, this nice cozy game. In the lore they use human cadavers to build empty human clones, when you die in game your brain is transferred to an empty shell and you go again. https://community.eveonline.com/backstory/scientific-articles/cloning/

Second thing: In the world of police, government and forensics there are methods to acquire a machine for forensics and evidence etc. Normally you would use a format called ewf. But some tools also just do a dd dump. Well and it is not unheard off that you use a network to send or acquire these evidence. In the world of forensics there is this nice tool called xmount. This nice thing allows you to mount a ewf or dd image into a vdk and then boot it with your favorite virtualisation solution. Normal daywork in forensics. (Side note with qemu-img convert source.vmdk -O raw /target/drive/ you can make a dd out of a vdk).

Now let us think about pentesting. During fishing etc you clone a website. But think about it for a second. With phising etc you clone the website of a target. Well how about jut taking the complete network of the customer and just virtualise their stuff. You know suck them totally in the matrix. Even the website admin could log in and just everything would feel more or less normal.

If you get a system shell on a victim you could run the normal forensic tools and just look for files not being the unmodified systemfiles (there are databases for this). Grab all of them and then just put them on a empty shell clone of the victim. Or just grab everything and build your vm machine from there.

Just a troubling thought .. steal the enemy cloud installation, put them on your own and then redirect them to you … just mad sience …

Greetings ucki

Kommentar verfassen

Trage deine Daten unten ein oder klicke ein Icon um dich einzuloggen:


Du kommentierst mit Deinem WordPress.com-Konto. Abmelden /  Ändern )


Du kommentierst mit Deinem Twitter-Konto. Abmelden /  Ändern )


Du kommentierst mit Deinem Facebook-Konto. Abmelden /  Ändern )

Verbinde mit %s

%d Bloggern gefällt das: