INNUENDO: Ensuring your intrusion detection investments
You’ve spent hundreds of thousands of dollars on state of the art intrusion detection solutions for your Enterprise…but is any of it actually effective?
Enter INNUENDO, a sophisticated post-compromise implant framework that models advanced data exfiltration attacks on your enterprise.
The philosophy behind INNUENDO is simple: to find the real thing you have to calibrate your detection tools and teams with the real thing.
Obviously you can not deploy STUXNET, FLAME or DUQU across your enterprise. However, you CAN deploy INNUENDO, a trusted implant framework that is up to par with even the most sophisticated state-sponsored malware out there.
INNUENDO can behave in many different ways on your network. It models a wide variety of exfiltration methodologies and covert networking tactics, to test whether your intrusion detection investment is performing the way it should be.
- INNUENDO raises the bar for the state of the art in persistence and data exfiltration solutions. Based on a flexible, modular architecture, INNUENDO offers nation-grade advanced attack capabilities to commercial penetration testing teams.
- This allows for a wide range of communication channels which are easily integrated into your INNUENDO solution.
- Examples include: HTTPS, DNS, ICMP, PDF, Social Media, and steganographic injection into popular image hosting services. Persistence can be maintained via any one of many ways, determined at deploy time.
- That means no static indications of compromise! Persistence methods are modular and updatable throughout the life of the deployment. INNUENDO functionality can be written, deployed and updated in Python without ever touching disk and is encrypted and signed for a specific INNUENDO instance on deployment.
- Each deployed INNUENDO has a unique SHA1 hash which prevents one-stop binary fingerprinting.
- INNUENDO can be deployed entirely from memory via e.g. a CANVAS exploit, a post-exploitation CANVAS module, or from another INNUENDO instance.
- INNUENDO can run as an injected DLL or as its own process. INNUENDO instances employ strong encryption for C&C messages, which renders the communications opaque to listeners and frustrates post-event forensics.
Please feel free to contact E-SPIN for your inquiry and requirement, so we can assist you on the exact requirement in the packaged solutions that you may required for your operation or project needs.