tyler/vimwiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update for 11-01-22 23:45

Browse Source
This commit is contained in:
Tyler Perkins 2022-01-11 23:45:01 -05:00
parent 20d804af67
commit 30659d91ec
1 changed files with 21 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
tech/cia-do-dont.wiki
View File

@ -4,13 +4,24 @@ This is the CIA list of dos and donts.
== General ==
| Derective | Rationale |
-------------------------
| DO obfuscate and encrypt strings; Deobfuscate in memory when needed | Strings help reveng |
| Do wipe deobfuscated strings once done | |
| DONT decrypt string data upon execution | |
| | |
| | |
| | |
| | |
| | |
* DO obfuscate and encrypt strings; Deobfuscate in memory when needed
* DO wipe deobfuscated strings once done
* DONT decrypt string data upon execution
* DO remove encryption keys, shellcode, etc from memory
* DO utilize deployment time unique key for deobfuscation of data
* DONOT rely on OS to cleanup strings for you
* DO strip all debug symbols, build paths, dev usernames, etc from binary
* DO strip all debug output from final build of tool
* DONOT import/call functions that are not consistent with tools cover usage
* DONOT export sensitive functions names, use benign cover names
* DONOT generate crashdumps or signs of error when crashing
* DO attempt to crash a program during a unit test
* DONOT perform operations that will make a computer hang
* DO make all effort to minimize binary size without the use of compression
Less than 150kb is ideal for a full tool
* DO provide a means to uninstall tools and all artifacts
* DO document all artifacts of program and how to undo it
* DONOT leave dates and times like compile timestamps, access times, etc that
relate to your time zone
* DONOT leave data in the binary that indactes you
* DONOT leave data that has "dirty words"