Time to add our own unique functionality to cd00r. This can be anything, but for now, let's just print BANG to the terminal. Once you have that finished, compile it again using the method you believe is the hardest for VirusTotal to detect. Ensure everything works!
- Explain your modifications to the original cd00r code.
- Submit the C source of the code.
- Run strings, ldd, readelf, strace on the file
- What do you find? What was the difference?
- Submit the binary to VirusTotal
- What did VirusTotal detect it as? What was the difference?
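To make concrete what strings, ldd and readelf are actually reporting when you compare the two builds, here is an added example that is not part of the original lab or of the cd00r source: a small Python ELF64 parser that answers the same questions from the file bytes alone (EXEC vs DYN, dynamically or statically linked, the interpreter path, the DT_NEEDED libraries, and the printable strings). It runs against a constructed toy ELF image built inline rather than real compiler output; the interpreter path and library names in that sample are assumptions.

```python
"""Added example: a minimal ELF64 triage parser.

It answers, from the file bytes alone, what `readelf -l`, `ldd` and `strings`
report about a compiled binary: EXEC vs DYN, whether it is dynamically linked
(PT_INTERP / PT_DYNAMIC present), the interpreter path, the DT_NEEDED
libraries, and the printable strings. The sample image is constructed inline
(assumed library names and interpreter path); it is not real compiler output.
"""
import re
import struct

ELF_MAGIC = b"\x7fELF"
PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3
DT_NULL, DT_NEEDED, DT_STRTAB = 0, 1, 5
E_TYPE_NAMES = {1: "REL", 2: "EXEC", 3: "DYN"}

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # Elf64_Ehdr, little-endian
PHDR = struct.Struct("<IIQQQQQQ")           # Elf64_Phdr
DYN = struct.Struct("<qQ")                  # Elf64_Dyn


def _cstr(data: bytes, off: int) -> str:
    """Read a NUL-terminated string starting at file offset `off`."""
    return data[off:data.index(b"\0", off)].decode("ascii")


def parse_elf(data: bytes) -> dict:
    """Triage summary of a little-endian ELF64 image held in memory."""
    if data[:4] != ELF_MAGIC or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    hdr = EHDR.unpack_from(data, 0)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    phdrs = [PHDR.unpack_from(data, e_phoff + i * e_phentsize) for i in range(e_phnum)]
    # Phdr fields: p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align
    loads = [(p[3], p[2], p[5]) for p in phdrs if p[0] == PT_LOAD]

    def vaddr_to_offset(vaddr: int) -> int:
        # DT_STRTAB holds a virtual address; map it back through the PT_LOAD segments.
        for seg_vaddr, seg_off, seg_filesz in loads:
            if seg_vaddr <= vaddr < seg_vaddr + seg_filesz:
                return seg_off + (vaddr - seg_vaddr)
        raise ValueError(f"vaddr {vaddr:#x} is not backed by any PT_LOAD segment")

    interp = None
    needed_idx, strtab_vaddr, has_dynamic = [], None, False
    for p in phdrs:
        if p[0] == PT_INTERP:
            interp = data[p[2]:p[2] + p[5]].rstrip(b"\0").decode("ascii")
        elif p[0] == PT_DYNAMIC:
            has_dynamic = True
            for i in range(p[5] // DYN.size):
                tag, val = DYN.unpack_from(data, p[2] + i * DYN.size)
                if tag == DT_NULL:
                    break
                if tag == DT_NEEDED:
                    needed_idx.append(val)
                elif tag == DT_STRTAB:
                    strtab_vaddr = val
    if needed_idx and strtab_vaddr is None:
        raise ValueError("DT_NEEDED entries without a DT_STRTAB")
    strtab_off = vaddr_to_offset(strtab_vaddr) if strtab_vaddr is not None else None
    needed = [_cstr(data, strtab_off + i) for i in needed_idx]

    return {
        "type": E_TYPE_NAMES.get(e_type, f"{e_type:#x}"),
        "linking": "dynamic" if (interp is not None or has_dynamic) else "static",
        "interpreter": interp,
        "needed": needed,
        # What `strings` prints by default: runs of 4+ printable ASCII bytes.
        "strings": [s.decode("ascii") for s in re.findall(rb"[\x20-\x7e]{4,}", data)],
    }


def build_sample(dynamic: bool = True) -> bytes:
    """Constructed ELF64 image (assumption: not produced by any compiler).

    One PT_LOAD maps the whole file at 0x400000; with dynamic=True a PT_INTERP
    and a PT_DYNAMIC naming two libraries are added, mimicking a normal
    dynamically linked build versus a static one.
    """
    base, size = 0x400000, 0x200
    off_interp, off_dynstr, off_dyn, off_ro = 0x100, 0x120, 0x140, 0x180
    interp = b"/lib64/ld-linux-x86-64.so.2\0"
    dynstr = b"\0libc.so.6\0libpthread.so.0\0"       # names start at offsets 1 and 11
    dynamic_sec = b"".join(DYN.pack(t, v) for t, v in [
        (DT_STRTAB, base + off_dynstr), (DT_NEEDED, 1), (DT_NEEDED, 11), (DT_NULL, 0)])
    phdrs = [(PT_LOAD, 5, 0, base, base, size, size, 0x1000)]
    if dynamic:
        phdrs += [
            (PT_INTERP, 4, off_interp, base + off_interp, base + off_interp, len(interp), len(interp), 1),
            (PT_DYNAMIC, 6, off_dyn, base + off_dyn, base + off_dyn, len(dynamic_sec), len(dynamic_sec), 8),
        ]
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)   # ELFCLASS64, LSB, EV_CURRENT, SYSV ABI
    img = bytearray(size)
    img[:EHDR.size] = EHDR.pack(ident, 2, 0x3E, 1, base + off_ro, EHDR.size, 0, 0,
                                EHDR.size, PHDR.size, len(phdrs), 0, 0, 0)
    for i, p in enumerate(phdrs):
        img[EHDR.size + i * PHDR.size:EHDR.size + (i + 1) * PHDR.size] = PHDR.pack(*p)
    if dynamic:
        img[off_interp:off_interp + len(interp)] = interp
        img[off_dynstr:off_dynstr + len(dynstr)] = dynstr
        img[off_dyn:off_dyn + len(dynamic_sec)] = dynamic_sec
    img[off_ro:off_ro + 5] = b"BANG\0"                    # the string the lab asks you to print
    return bytes(img)


if __name__ == "__main__":
    for label, image in (("dynamic", build_sample(True)), ("static", build_sample(False))):
        print(label, parse_elf(image))
```

On a real binary, pass `open(path, "rb").read()` to `parse_elf`; the dynamic sample reports an interpreter and two NEEDED libraries, the static one reports neither. Note that a genuinely static link pulls libc's own strings into the file, so the strings output of a real static build gets longer, not shorter as in this toy; ldd additionally resolves each NEEDED name along the loader's search path, and strace is a runtime view that no static parser can reproduce.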
Alright, sure: we shouldn't be submitting our malware to VirusTotal, or we burn ourselves. In a perfect world we would have a nice, reputable nodistribute/noforward scanner to send our stuff to, or we would have built our own, but we're a budget APT right now.