Sell PoC that allocates place in GPU and execute code

[Vubar]

Sell PoC of technique that avoid AV detects from RAM scanning.
It allocates address space in GPU memory buffer, inserts and executes code from there.

Works only in Windows workstations that supports OpenCL 2.0 and higher!

Tested on: UHD 620, UHD 630, Radeon RX 5700, GeForce GTX 740M, GeForce GTX 1650.

Any proofs and checks. Can work with guarantor.
Telegram contact is under my profile pic.
Serious people only.

 

[Expiro]

Sent PM

 

[kerberos]

Могу проверить и написать отзыв...

 

[Vubar]

Sold.

 

[Harbour]

ага, помним-любим: https://github.com/nwork/jellyfish

 

[Vubar]

ага, помним-любим: https://github.com/nwork/jellyfish

Funny. Did you carefully read the description of what I was selling?

 

[Harbour]

Funny. Did you carefully read the description of what I was selling?

Sure man. Your code is a natural continuation of such projects. This one by the way, is already 6 years old

 

[Vubar]

Sure man. Your code is a natural continuation of such projects. This one by the way, is already 6 years old

Unfortunately, but you are wrong. The projects you bear in mind use code mapping back, unlike my technique.

 

[Harbour]

Unfortunately, but you are wrong. The projects you bear in mind use code mapping back, unlike my technique.

Seems like Russian is not your native lang - I mean different. There are many such projects including real CPU emulators running inside GPU with OS and all possible code inside it -

 

[Harbour]

More interesting GPU usage is not hiding the code from AV but using DMA (initiated from GPU side) for r/w access to the system memory thus totally avoiding CPU and all that is running at it.

 

[user44_818]

Interested. PM sent.

 

[varwar]

More interesting GPU usage is not hiding the code from AV but using DMA (initiated from GPU side) for r/w access to the system memory thus totally avoiding CPU and all that is running at it.

Yes, but there is some DMA protection against such memory accesses like IOMMU. But have not deal with such attacks in practice.

 

[varwar]

Vubar, you're famous now.

SecAtor

В даркнете реализован PoC, позволяющий использовать буфер памяти графического процессора для хранения и выполнения вредоносного кода, что обеспечивает ему надежную защиту от антивирусных средств, нацеленных, прежде всего, на оперативную память. Метод оптимизирован под ОС Windows с версией...

t.me

 

[Kelegen]

Vubar, you're famous now.

SecAtor

В даркнете реализован PoC, позволяющий использовать буфер памяти графического процессора для хранения и выполнения вредоносного кода, что обеспечивает ему надежную защиту от антивирусных средств, нацеленных, прежде всего, на оперативную память. Метод оптимизирован под ОС Windows с версией...

t.me

I think about his fame he has known for a long time

В продаже замечен инструмент для сокрытия малвари в графических процессорах AMD и Nvidia

Издание Bleeping Computer обнаружило, что в продаже на хакерском форуме появился эксплоит, который использует буфер памяти графического процессора для хранения вредоносного кода и его выполнения. Автор эксплоита уверяет, что его решение работает на видеокартах Intel (UHD 620/630), Radeon (RX...

xakep.ru

 

[varwar]

One more word about DMA. In general, peripheral-based attacks are well known. For those who interested, here is a very cool paper with a long bibliographic list (around 150 sources) about this topic (2014 year).

 

[bbi34yy]

DMA is very well used in game cheats to avoid detection by anti cheats.

 

[varwar]

MalwareSourceCode/Linux/Rootkits/Rootkit.Linux.Golden.a.rar at main · vxunderground/MalwareSourceCode

Collection of malware source code for a variety of platforms in an array of different programming languages. - vxunderground/MalwareSourceCode

github.com

Судя по суркам, 2014-2015 годы.