Proof of concept framework for transferring a file over x509 extension covert channel
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
helper
client.go
license.txt
mimikatz_sent.pcap
readme.md
server.go

readme.md

MalCert proof of concept to accompany blog post

This is a POC demonstrating a covert channel over x509 extensions framework written in GO, for the server and pcap this demonstration shows sending mimikatz over this covert channel to a client. The filename was hardcoded "mimikatz.bin". The PCAP is from a run using local loopback.

Blog: https://www.fidelissecurity.com/threatgeek/2018/02/exposing-x509-vulnerabilities Paper: vixra.org/abs/1801.0016