Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature list #3

Open
8 tasks
hrbrmstr opened this issue Apr 1, 2017 · 2 comments
Open
8 tasks

Feature list #3

hrbrmstr opened this issue Apr 1, 2017 · 2 comments
Labels
enhancement

Comments

@hrbrmstr
Copy link
Owner

hrbrmstr commented Apr 1, 2017
edited
Loading

  • add disclaimer and major instructions about not actually using the techniques for evil
  • obfuscate URLs to follow in a pkg data set
  • obfuscate evil functions to call in a pkg data set
  • leak local sensitive data via HTTPUserAgent option setting before calls to download.file()
  • overwrite .GlobalEnv symbols (1st be cute with T == FALSE but also shim some common functions and mock-exfil data with them when they're called)
  • scan the local class C subnet for systems and report results.
  • collect OAuth creds, useful system bits of info, data files, pkgs installed & cache them locally for a random time period then mock-exfil.
  • have a teaching version of the pkg (this one) and a stealthy one that will pass CRAN review
@noamross
Copy link

I feel like installing a printer driver would be some next-level, close-to-the-metal pwnage

@stephlocke
Copy link

As I've seen - bundle a "dodgy dependency" in compiled builds

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hrbrmstr @noamross @stephlocke