sud0nick Posted October 4, 2015 Share Posted October 4, 2015 I've created a payload in C# that appears as a legitimate application but grants an attacker admin remote shell access on a windows system. My primary focus now it to encrypt the network traffic as best as I can for obvious reasons. I haven't done this before so I would like some guidance on how it should be done. I've done some research and come across two methods, AES using RSA to encrypt the key and SSL. I'm worried that the SSL method could easily be attacked with SSL-Strip since there is no HSTS-like implementation to prevent it. I know how to start with AES in C# as the System.Security.Cryptography namespace makes that fairly simple. However, I have no idea how to use RSA to encrypt the AES key and send it over the network. A lot of my research lead me to using AES-HMAC but some of the recent posts I've seen hint toward that only being used for encryption of local information rather than network information. Can someone shed some light on these methods, which is the most secure, and how to use it? Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.