Malware Development Pt. 1: Dynamic Module Loading in Go

Introduction

As a blend of offensive security engineer and developer, I find myself frustrated in attempting to adhere to the software development lifecycle (SDLC). The modern-day security consultant requires so many disparate tools across a variety of maintainers to be successful in operations, and integrating them into a workflow is awkward at best. Worse, the methods by which these tools are deployed into an environment are often immutable to the user, leaving them with little to no alternatives. Many agents are compiled with a set of static commands, usually with some functionality that allows the end user to extend it in a limited capacity. Besides these commands being immutable once compiled and loaded, if an agent were to be compromised by a clever analyst, they’d be able to create detections around it and its entire feature set.

Instead, what if we could load agent functionality as it was needed? A minimal agent core is delivered to the target whose primary function is to load commands from the control server. Once loaded, the commands could then be executed by the agent, dispatching requisite data to the modules and communicating the results. This is exciting because it solves many of the problems outlined above:

  1. If any agent in a mesh were compromised, the capabilities exposed would only be limited to that which was loaded in memory at that time. If the agent isn’t carved from memory, a defender only sees the bare-bones loading functionality. If one were to clean up their memory after executing a module, the module functionality also remains safe unless a defender dumps the memory of the machine while that module is executing.
  2. Modules can live as their own separate code repositories, allowing for easier maintainability and QA testing.
  3. Modules can be written in any language so long as they compile to shared libraries.
  4. Modules can have versioning associated with them, which is a model Cody Thomas’s (https://twitter.com/its_a_feature_) Mythic C2 (https://github.com/its-a-feature/Mythic/) framework supports.

  5. In shops where a dedicated development team does not exist, and new innovations are driven by individuals, it becomes much easier to integrate new functionality any one person develops either on assessment or otherwise.

In this article, I’ll outline a proof-of-concept (POC) written in Go that is capable of loading shared libraries during its run time, and demonstrate how to accomplish two-way communication between an arbitrary shared library and the application core. This POC is written for Linux for the sake of simplicity; however, the same concept can be applied to Windows using Stephen Fewer’s excellent Reflective DLL Injection project (https://github.com/stephenfewer/reflectivedllinjection).

Why Go?

Go was appealing as an application core for three reasons. First, Go is capable of cross-platform compilation. It’d provide a stable code warehouse for every operating system (OS), and building is (for the most part) straightforward for whatever OS you’d want to deploy on. Second, Go’s ability to interact with C code allows a developer to manage C code more easily without having to write in pure C. Moreover, C gives us direct access to native APIs, so we don’t have to perform reflection to reach them. Lastly, I wanted to learn a new language, and I enjoy Go quite a bit. It’s a minor thing, but hey, it’s important to enjoy what you do.

Application Design Considerations

Before we write any code, we should define what functionality it is we’re trying to build. Our aim is to create a shared library loader that can load libraries in memory, invoke function exports from said library, and return the results of that function. The results will be wildly different from function to function, so results should be stuffed into a datagram structure that both the application and library agree upon. These datagrams should be flexible enough such that when received, the application or library can perform more complex logic with the data within. A module loaded this way may be long running and need t
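From the defender's side, point 1 above and the loader described here both rest on a module that lives only in memory, which on Linux leaves a visible trace in the process's memory map. As an added example that is not part of the original article, this Go snippet parses /proc/<pid>/maps lines (the dump below is constructed, not captured from a real host) and flags executable mappings with no ordinary file behind them: anonymous regions, memfd objects, and libraries whose file was deleted after mapping.

```go
package main

import "strings"

// Finding is one executable mapping with no ordinary file behind it.
type Finding struct{ Range, Reason string }

// classify inspects one /proc/<pid>/maps line and returns the address range
// and a reason when the region is executable but has no regular on-disk file
// behind it; empty strings mean the mapping looks ordinary.
func classify(line string) (string, string) {
	fields := strings.Fields(line)
	if len(fields) < 5 || !strings.Contains(fields[1], "x") {
		return "", "" // malformed line, or not executable: ignore
	}
	path := ""
	if len(fields) >= 6 {
		path = strings.Join(fields[5:], " ")
	}
	switch {
	case path == "":
		return fields[0], "anonymous executable mapping"
	case strings.HasPrefix(path, "/memfd:"):
		return fields[0], "executable memfd object"
	case strings.HasSuffix(path, "(deleted)"):
		return fields[0], "backing file deleted"
	}
	return "", "" // file-backed; [vdso] and similar also land here
}

// ScanMaps applies classify to every line of a maps dump. A hit is a triage
// signal, not a verdict: JIT runtimes also create anonymous executable memory.
func ScanMaps(maps string) []Finding {
	var out []Finding
	for _, line := range strings.Split(maps, "\n") {
		if r, reason := classify(line); reason != "" {
			out = append(out, Finding{r, reason})
		}
	}
	return out
}

// sampleMaps is a constructed maps dump, not captured from a real host.
const sampleMaps = `7f3a1c000000-7f3a1c021000 rw-p 00000000 00:00 0
7f3a1c200000-7f3a1c210000 r-xp 00000000 00:00 0
7f3a1c400000-7f3a1c41a000 r-xp 00000000 00:05 12345 /memfd:mod (deleted)
7f3a1c600000-7f3a1c62b000 r-xp 00000000 08:01 1310800 /tmp/libmod.so (deleted)
7f3a1c800000-7f3a1c8ff000 r-xp 00000000 08:01 100 /usr/lib/libc.so.6
7ffd0e000000-7ffd0e002000 r-xp 00000000 00:00 0 [vdso]`
```

On a live host the same function can be fed the contents of /proc/<pid>/maps for each process; the constructed dump yields three findings and leaves libc and [vdso] alone.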