HBGary General Dynamics Malware Development: Project C

Proposal for Project C

  • 8 pages
  • Confidential
  • May 13, 2009


General Dynamics has selected HBGary Inc to provide this proposal for development of a software application targeting the Windows XP Operating System that, when executed, loads and enables a covert kernel-mode implant that will exfiltrate a file from disk (or other remotely called commands) over a connected serial port to a remote device. The enabling kernel mode implant will cater to a command and control element via the serial port. The demonstration will utilize an exploit in Outlook as the delivery mechanism for said software application. The subsequently loaded implant will be stable and will not crash the demonstration system. A usermode component will be included as part of the exploitation package that exercises the kernel mode implant for demonstration purposes. The loaded implant will use the connected serial port to remotely enable functions which can be visible on the collection computer connected on the other end of the serial line. The purpose of the demonstration setup is to verify the functionality for the customer and validate that all work has been completed.

Primary Objectives:

• Development of a kernel-mode implant that is clearly able to exfiltrate an on-disk file, opening of the CD tray, blinking of the keyboard lights, opening and deleting a file, and a memory buffer exfiltration over a connected serial line to a collection station. For demonstration, a null modem cable will be used to connect the collection station
• The use of a standard Outlook Exploit as a delivery mechanism for the implant, with the intention being that any suitable exploit could be used for the same.
• As part of the exploit delivery package, a usermode trojan will assist in the loading of the implant, which will clearly demonstrate the full capability of the implant.
• Test set (which will consist of two computers networked together via a null modem cable using HyperTerminal) that can reliably and repeatedly demonstrate the exploit and subsequent implant capability of the system.

Leave a Reply

Your email address will not be published. Required fields are marked *