Jump to content
Hak5 Forums
Sign in to follow this  
VincBreaker

[Feature request] More options to control storgage

Recommended Posts

Hi there,

I got my bunny today and while developing a payload to drop my meterpreter onto the computer, it actually got detected by my AV and deleted from the storage.

At that point, I remembered a pretty boring defcon talk I once saw showing a device able to block every write / delete on an usb stick. Further it allowed to filter the data to get passed to the os so you can ultimatively hide any files until you need them which can be especially useful when you have a stick with multiple exploits / payloads on it and some of them may trigger the AV but are not necesserily needed at one stage or your usb stick get's checked when walking into a facility while pentesting (actually happened to me once :/).

So I'm kindly requesting an extension to the API which:

  1. Allows to block every write to the usb stick.
  2. Allows to filter every read / write from / to the storage. I would suggest the visitor pattern, but I guess it is not compatible to bash :(

Yours sincerely,

VincBreaker

Share this post


Link to post
Share on other sites

It would probably still get detected when you move it to the pc, so this doesnt really help anything. 

There are other ways to bypass av's though. Just google it :p

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×