With Shellbags, LastRun etc. all over the registry in often obfuscated binary formats, isn't it essentially impossible to create a 100% stealth project that does anything non-trivial? You'd need a wrapper that was aware of every aspect of registry forensics that could clean up on exit, and even then you'd need to rely on the software closing elegantly every time. Stealth on Windows after XP is a myth for all but the most OCD developers working on privacy-centric apps. Linux is arguably even less friendly due to the sheer number of variables involved though -- yes, there's no ugly monolithic binary database like the registry but your desktop environment, file explorer, package manager, package format (esp. the portable ones like AppImage), distro directory structure etc. all contribute to hundreds of permutations of potential non-stealth remnants. At least with Windows, it fails stealth in a highly predictable way that uses the same dozen or so diffuse locations for remnants.
Speaking of which, anyone aware of any wrapper frameworks (for developers) or apps (for end users) that will do all that stuff? My ideal would be one that even cleans up Shellbags if explorer dialogs were used. Though that seems like a wholly unrealistic moving target. Can Sandboxie be used to avoid all of those remnants without much of a performance hit? I've always meant to try it, especially since it went open source, but just never got around to it. What about Docker? I've been looking for native solutions but I think emulation/virtualisation/containerisation is the future for truly portable apps with stealth.
I know that I talk a good game and that I should've already tried these things a long time ago but most of what I know comes from when I was a CS academic working on security engineering and networking over a decade ago, before Docker became this huge deal; I had to give up because I developed an extremely rare blood disorder that has left me (hopefully temporarily) disabled.
Speaking of which, anyone aware of any wrapper frameworks (for developers) or apps (for end users) that will do all that stuff? My ideal would be one that even cleans up Shellbags if explorer dialogs were used. Though that seems like a wholly unrealistic moving target. Can Sandboxie be used to avoid all of those remnants without much of a performance hit? I've always meant to try it, especially since it went open source, but just never got around to it. What about Docker? I've been looking for native solutions but I think emulation/virtualisation/containerisation is the future for truly portable apps with stealth.
I know that I talk a good game and that I should've already tried these things a long time ago but most of what I know comes from when I was a CS academic working on security engineering and networking over a decade ago, before Docker became this huge deal; I had to give up because I developed an extremely rare blood disorder that has left me (hopefully temporarily) disabled.
Statistics: Posted by influx — Wed Aug 28, 2024 5:48 pm