Mosquito - Secure Remote Code Execution Framework

Presented at DEF CON 13 (2005), July 29, 2005, 5 p.m. (50 minutes).

Mosquito is a lightweight framework to deploy and run code remotely and securely in the context of penetration tests. It makes a best effort to ensure that the communications are secure. Special care is taken to ensure that deployed code is not stored outside of process memory space, making it difficult for an eavesdropper to obtain the code. It protects the confidentiality and trade secrets of code that is deployed and run on the target, whether an exploit methodology, or a tool. The proof of concept deployable binary weights in at 120K. The framework makes use of Lua as the scripting language, and is freely available with a BSD license.


Presenters:

  • Wes Brown - Senior Security Consultant
    Wes Brown is a senior security consultant, security researcher, having started working in the field almost a decade ago. He specializes in penetration testing, and tools writing, but is greatly interested in conducting security research as well. He has written numerous in-house tools for Internet Security System's X-Force Consulting team, of whom he is a member of.
  • Scott Dunlop - Security Researcher
    Scott Dunlop is a father, software developer, security researcher and short order cook, in that order; other public projects by Scott include Cloud Wiki, IPAF Packet Analysis Framework, and the Sickle Communication Language.

Links:

Similar Presentations: