A simple realization of SSH reverse tunnel.
Ghost Tunnel is a covert backdoor transmission method that hides its payload in 802.11 Probe-Request and Beacon frames. Because it works within the first three steps of connecting to an AP, it can transfer payload in isolated environments (physical access is needed first) and bypass firewalls. In P4wnP1, it is called WiFi Covert Channel.
To understand the principle better, I wrote a Go version.
It is said that Google’s HTTP-Over-QUIC protocol has been renamed to HTTP/3.0!
So I took a quick look and added QUIC support to SweetyGo as well as this site.
Inspired by Transferring Backdoor Payloads with BMP Image Pixels, I wrote a Go version demo.
Although it is neither very new nor very dangerous, concealing a payload in BMP pixels to bypass AV is really interesting.
Having an automatic aiming artillery is every boy’s dream. This semester’s Automatic Control and Visual Objects Tracking course has taught me some principles of tracking and pan/tilt control. So it’s time to do it!