Uninformed: Informative Information for the Uninformed

Vol 3 » 2006.Jan


The purpose of the stage payload component is to perform whatever arbitrary task is desired, whether that is hooking the keyboard and sending keystrokes to the attacker or spawning a reverse shell in the context of a user-mode process. The definition of the stage component is broad enough to encompass pretty much any end goal an attacker might have. For that reason, this section is relatively sparse on details, and it is left up to the reader to decide what type of action they would like to perform. The paper eEye has provided shows some concrete examples of kernel-mode stages. There are also many examples of existing user-mode payloads that could be staged to run in the context of a user-mode process. In the future, stages will most likely be the focal point of kernel-mode payload research.