From 30659d91ecc545f28378ed772382e77750ad751d Mon Sep 17 00:00:00 2001 From: Tyler Perkins Date: Tue, 11 Jan 2022 23:45:01 -0500 Subject: [PATCH] Update for 11-01-22 23:45 --- tech/cia-do-dont.wiki | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/tech/cia-do-dont.wiki b/tech/cia-do-dont.wiki index fcb0b5f..a360ddd 100644 --- a/tech/cia-do-dont.wiki +++ b/tech/cia-do-dont.wiki @@ -4,13 +4,24 @@ This is the CIA list of dos and donts. == General == -| Derective | Rationale | -------------------------- -| DO obfuscate and encrypt strings; Deobfuscate in memory when needed | Strings help reveng | -| Do wipe deobfuscated strings once done | | -| DONT decrypt string data upon execution | | -| | | -| | | -| | | -| | | -| | | +* DO obfuscate and encrypt strings; Deobfuscate in memory when needed +* DO wipe deobfuscated strings once done +* DONT decrypt string data upon execution +* DO remove encryption keys, shellcode, etc from memory +* DO utilize deployment time unique key for deobfuscation of data +* DONOT rely on OS to cleanup strings for you +* DO strip all debug symbols, build paths, dev usernames, etc from binary +* DO strip all debug output from final build of tool +* DONOT import/call functions that are not consistent with tools cover usage +* DONOT export sensitive functions names, use benign cover names +* DONOT generate crashdumps or signs of error when crashing +* DO attempt to crash a program during a unit test +* DONOT perform operations that will make a computer hang +* DO make all effort to minimize binary size without the use of compression + Less than 150kb is ideal for a full tool +* DO provide a means to uninstall tools and all artifacts +* DO document all artifacts of program and how to undo it +* DONOT leave dates and times like compile timestamps, access times, etc that + relate to your time zone +* DONOT leave data in the binary that indactes you +* DONOT leave data that has "dirty words"
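Review bot: The conversion from table to bullet list in the "== General ==" hunk drops the Rationale column, including the one rationale that was filled in ("Strings help reveng"), so the list now states directives with no reasoning attached. Consider keeping the rationale as an indented sub-item under the relevant bullet. The added bullets also mix two prefixes for the negative form: "DONT decrypt string data upon execution" versus "DONOT rely on OS to cleanup strings for you" and the later entries. Pick one spelling so the page can be searched consistently. There is a typo in "+* DONOT leave data in the binary that indactes you" ("indicates"), and "tools cover usage" in the import/call bullet reads as a missing possessive ("tool's"). Finally, the subject "Update for 11-01-22 23:45" says nothing about what changed; a short summary such as the table-to-list conversion and the added directives would make the history easier to follow.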