
/tech/ - Technology


 No.916436>>917000

What are ways of detecting bugged or pwnd devices? Hardware or software, spyware or malware. Any and all.

It seems like using a sniffer (like wireshark, MITMproxy) to check for suspicious outgoing packets is the most effective option. What other techniques are there?

>inb4 obligatory cynical reply that doesnt contribute to the thread

 No.916534>>916592 >>917000 >>917006

>how to detect malware

Get a known good computer. Use an oscilloscope on it running operations. Use an oscilloscope on the suspect computer doing the exact same thing. Compare waveforms. Doing literally anything else is suspect, including the oscilloscope itself if you don't protect it properly from electrical interference from the radio(s) on the computers you test. Wireshark can be faked, MITM proxies can be hacked with laughable ease, and software can be manipulated, such as virus scanners. But you can't fuck with a properly isolated oscilloscope.

Sage because OP is a datamining faggot.


 No.916592>>916740

File: d894f8888f0a239⋯.jpg (1.09 KB, 32x36, 8:9, mpv-shot0004.jpg)

>>916534

>Wireshark can be faked

Faking the destination address? Just put the computer in a state where there's no reason for it to communicate (stop browsing, turn off updates, etc.) and if it sends a packet, it's fucking sending a packet.

The only issue I can see is if the spyware is instructed to not send data while a wireshark process is running.


 No.916740>>916993

>>916592

>when the GPU rootkit detects you are running wireshark in a VM and responds by installing its own hidden networking drivers, uses your wifi card to mimic the highest signal hotspot, autoconnects, and proceeds to infect all machines on your network


 No.916993

>>916740

Who are you quoting?

Also, just have wireshark on an AP the suspect computer connects to.

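The two posts above amount to a procedure: capture the suspect host's traffic from a vantage point it cannot tamper with (an AP or mirror port), put the host in a state where it has no reason to talk, and treat anything outside the expected idle chatter as unexplained. The script below is an added example, not code from this thread: it runs that check over a constructed flow list in the shape tshark can export (timestamp, src, dst, dst port, protocol, bytes), and additionally looks for the regular inter-arrival times of a beaconing implant. The host address 192.168.1.23, the LAN range and the allowlist of idle-host ports are assumptions to be tuned per network.

```python
"""Flag unexplained egress from a host that is supposed to be idle.

Added example. The capture, the suspect address, the LAN range and the
allowlist are all constructed/assumed for illustration.
"""
import ipaddress
import statistics
from collections import defaultdict

SUSPECT = "192.168.1.23"                       # assumed host under test
LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed local network
ALLOWED_PORTS = {53, 67, 68, 123, 5353}        # DNS, DHCP, NTP, mDNS

# Constructed flows as seen from the AP; one flow per line:
# <timestamp> <src> <dst> <dst_port> <proto> <bytes>
CAPTURE = """\
1000.0 192.168.1.23 192.168.1.1 53 udp 72
1000.2 192.168.1.23 192.168.1.1 123 udp 90
1003.0 192.168.1.23 203.0.113.45 443 tcp 512
1063.1 192.168.1.23 203.0.113.45 443 tcp 508
1123.0 192.168.1.23 203.0.113.45 443 tcp 515
1183.1 192.168.1.23 203.0.113.45 443 tcp 510
1200.0 192.168.1.23 224.0.0.251 5353 udp 130
1500.0 192.168.1.23 198.51.100.9 80 tcp 2048
"""


def parse_flows(text):
    """Parse the whitespace-separated flow export into dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto, nbytes = line.split()
        flows.append({"ts": float(ts), "src": src, "dst": dst,
                      "dport": int(dport), "proto": proto,
                      "bytes": int(nbytes)})
    return flows


def is_expected(flow):
    """Idle-host baseline: only local/multicast traffic on allowed ports."""
    dst = ipaddress.ip_address(flow["dst"])
    if dst.is_multicast or dst in LAN:
        return flow["dport"] in ALLOWED_PORTS
    return False  # anything leaving the LAN is unexplained


def unexplained_egress(flows, host=SUSPECT):
    """Flows sent by the suspect host that the baseline does not explain."""
    return [f for f in flows if f["src"] == host and not is_expected(f)]


def find_beacons(flows, min_count=4, max_cv=0.1):
    """Destinations contacted at near-constant intervals.

    Groups flows by (dst, port) and computes the coefficient of variation
    of the inter-arrival gaps; a low CV means a timer, not a human.
    Returns {(dst, port): mean_interval_seconds}.
    """
    by_dst = defaultdict(list)
    for f in flows:
        by_dst[(f["dst"], f["dport"])].append(f["ts"])
    beacons = {}
    for key, times in by_dst.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        if cv <= max_cv:
            beacons[key] = round(mean, 1)
    return beacons


if __name__ == "__main__":
    flows = parse_flows(CAPTURE)
    for f in unexplained_egress(flows):
        print("unexplained:", f)
    for (dst, port), interval in find_beacons(flows).items():
        print(f"beacon: {dst}:{port} every ~{interval}s")
```

Because the capture is taken on the AP rather than on the suspect host, a "don't talk while Wireshark is running" trick on the host changes nothing; the remaining blind spots are traffic that leaves over a radio the AP does not see, and a beacon whose interval is long or jittered enough to defeat the CV test.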

 No.917000>>917006

>>916436 (OP)

I think it would be interesting to get some sort of device which could detect radio sources nearby. That way if there was some sort of hardware phoning home you could detect it.

>>916534

What if your oscilloscope is compromised?

What if the processor has different stuff in its cache?

What if the processor's branch predictor starts in a different state?

What if the operating system is doing things in the background?

What if it only does malicious stuff in a time which aligns with when you would be asleep?

There are a lot of flaws to this approach.


 No.917006>>917008

>>917000

Despite the digits, you don't really know how logic circuitry works. You are checking inputs and outputs, not what is happening in the CPU itself.

Anon already addressed

>What if your oscilloscope is compromised?

>>916534

> Doing literally anything else is suspect, including the oscilloscope itself if you don't protect it properly


 No.917008

>>917006

>You are checking inputs and outputs

I assume you would actually be measuring the power consumption. If you are just comparing the output of an operation, why use an oscilloscope at all?

>not what is happening in the CPU itself

It is going to change the duration of the calculation and change what instructions are being processed. This will affect the waveform he is asking us to compare.

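The oscilloscope proposal and the objections to it (different cache or branch-predictor state, background OS work) both come down to how the two power traces are compared. The script below is an added example, not code from this thread: it builds two constructed traces standing in for a known-good and a suspect device running the same workload, lets the suspect start a few samples late (as a cold cache would cause), and adds a burst of extra activity to it. A naive sample-by-sample difference is dominated by the timing skew; aligning the traces by cross-correlation first and then flagging windows with large residual energy isolates the extra activity. The workload shape, noise level and thresholds are assumptions chosen for illustration.

```python
"""Compare a suspect device's power trace against a known-good reference.

Added example with constructed traces. Real traces would come from an
oscilloscope across a shunt in the device's supply line.
"""
import math
import random


def workload_trace(n=400, seed=1):
    """Constructed trace: a fixed instruction pattern plus measurement noise."""
    rng = random.Random(seed)
    base = [1.0 + 0.5 * math.sin(i / 7.0) + 0.3 * ((i // 25) % 2)
            for i in range(n)]
    return [v + rng.gauss(0, 0.02) for v in base]


def shift(trace, k):
    """Delay a trace by k samples, e.g. a slower start from a cold cache."""
    return [trace[0]] * k + trace[:len(trace) - k]


def inject_activity(trace, start, length, amp=0.6):
    """Add a burst of extra activity (code that should not be running)."""
    out = list(trace)
    for i in range(start, min(start + length, len(out))):
        out[i] += amp
    return out


def best_lag(ref, sus, max_lag=20):
    """Lag maximising the mean-centred cross-correlation of the two traces.

    The same interior index range is used for every lag so edge effects
    do not bias the result toward lag 0.
    """
    mu_r = sum(ref) / len(ref)
    mu_s = sum(sus) / len(sus)
    n = min(len(ref), len(sus))
    idx = range(max_lag, n - max_lag)
    scores = {
        lag: sum((ref[i] - mu_r) * (sus[i + lag] - mu_s) for i in idx)
        for lag in range(-max_lag, max_lag + 1)
    }
    return max(scores, key=scores.get)


def residual(ref, sus, lag):
    """Suspect minus reference after shifting the suspect by lag samples."""
    return [sus[i + lag] - ref[i] for i in range(len(ref))
            if 0 <= i + lag < len(sus)]


def mean_abs_residual(ref, sus, lag):
    res = residual(ref, sus, lag)
    return sum(abs(r) for r in res) / len(res)


def anomalous_windows(ref, sus, window=20, thresh=0.3):
    """Align, then report window start offsets whose residual is too large.

    Returns (lag, [window_start, ...]).
    """
    lag = best_lag(ref, sus)
    res = residual(ref, sus, lag)
    flagged = []
    for w in range(0, len(res) - window + 1, window):
        mean_abs = sum(abs(r) for r in res[w:w + window]) / window
        if mean_abs > thresh:
            flagged.append(w)
    return lag, flagged


def example_pair():
    """Known-good trace and a suspect that starts 5 samples late and runs
    40 samples of extra activity; different noise seeds for the two devices."""
    ref = workload_trace(seed=1)
    sus = inject_activity(shift(workload_trace(seed=2), 5), 205, 40)
    return ref, sus


if __name__ == "__main__":
    ref, sus = example_pair()
    print("unaligned mean |residual|:", round(mean_abs_residual(ref, sus, 0), 3))
    lag, flagged = anomalous_windows(ref, sus)
    print("aligned at lag", lag, "mean |residual|:",
          round(mean_abs_residual(ref, sus, lag), 3))
    print("suspicious windows start at:", flagged)
```

Alignment only absorbs a constant offset; a workload whose branches take different paths on the two machines will produce residual energy that is not malware, so in practice the reference device should be run many times to learn the spread of legitimate residuals before a threshold is chosen.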


