ISR-evilgrade is a modular framework that allow us to take advantage of poor upgrade implementations by injecting fake updates and exploiting the system or software.
How does it work?
It works with modules, each module implements the structure needed to emulate a false update of specific applications/systems. Evilgrade needs the manipulation of the victims DNS traffic, it works in conjunction with man-in-the-middle techniques or MITM such as DNS, ARP, DHCP, etc.
Attack Vectors
Internal scenario:
- Internal DNS access
- ARP Spoofing
- DNS Cache Poisoning
- DHCP Spoofing
External scenario:
- Internal DNS Access
- DNS Cache Poisoning
What are the supported OS?
The framework is multiplatform, it only depends of having the right payload for the target platform to be exploited.
Implemented modules
- Java plugin
- Winzip
- Winamp
- MacOS
- OpenOffice
- iTunes
- Linkedin Toolbar
- DAP [Download Accelerator]
- Notepad++
You can download ISR-evilgrade here:
Or read more here.
