Closing the Door | End of Backdoor Factory


“The time has come,” the walrus said, “to talk of many things: Of shoes and ships - and sealing wax - of cabbages and kings”

 Lewis Carroll, Alice's Adventures in Wonderland & Through the Looking-Glass

===

I've been thinking about ending Backdoor Factory (BDF), including BDFProxy, support for a couple months. The idea has crept up more and more as my attention is often pulled in more interesting directions.

Writing and maintaining BDF (since 2013) has been fun but it is time to move on to other things. The code will stay up, but I won't be adding any more features or maintaining any code.

I originally wrote BDF to automate the manual process of file infection with PE files, to show that Anti-Virus (AV) is easy to bypass (it still is) and that file infectors still have a place in offensive use cases. I added ELF and Mach-O binaries and x86 and 64-bit support, code signing, etc. It was fast. So fast I created BDFProxy, which led me to finding OnionDuke.

BDF was fairly popular, averaging about 1500 unique clones every two weeks for the past couple years just from my git repo. It was added into Kali and other distributions. I have used it in demos at many presentations: two DerbyCon presentations (1, 2), ShmooCon 2015, Black Hat 2015, Infiltrate 2016, Eko Party 2016, REcon Brussels 2016, and DEF CON 25.

It wasn't until July 2015 that an AV finally flagged one of my IAT custom payloads. Since then, more AVs have written their own detections - I know how each one is detecting and how to bypass them. That's how fragile AV signatures are. I could update BDF and add features to bypass their detections, wait another six months to a year for new detections to come out, and bypass again. Rinse and repeat. It's like a bug bounty where only AVs win and I lose my time.

There really is no incentive for me to continue that cycle. At least publicly.

I've considered making a professional version of BDF and that path looks quite dangerous and not very profitable. I think if someone were to do that, the risk of legal entrapment is high: one could accidentally provide customer support to someone doing illegal things and be caught up in their actions when they are eventually caught by law enforcement. Let's face it, if someone is paying for a cheap file infector (something that is easy to write yourself), they aren't very bright.

It's time to move on to more interesting ideas and harder problems.

Thanks for the kind words and support over the years, it's been a hell of a ride.

