Hello and welcome to the Thursday, April 4, 2020, edition of the Sandsenet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Today I played a little bit with Anthony Weems backdoor implementation, X-C-Bot.

It implements the X-Eutilsdoor, and then XEBot is also a tool

that essentially simulates a tool that an attacker would use in order to connect to a backdoor

system. Now, one of the tricky parts here, of course, is that we don't have the key material that

the attacker would have used to connect to the original backdoor.

So the genius here of Anthony's implementation is that, well, you can just bring your own key,

and with that, just experiment how the backdoor would work. I took a quick step at it, and I didn't actually implement the backdoor would work.

I took a quick step at it and I didn't actually implement the backdoor part.

I really just wanted to see what happens if I use this client to connect to an SSH server

that's running perfectly fine that does not have the backdoor installed.

In my experiments, there was one specific error message that showed up an error in LipCrypto.

I did use standard Ubuntu 22 install.

May not have used the client quite correctly.

If anybody has any insight, any other experience with this client,

let me know, or if you saw any other error messages,

that would also be kind of helpful.

I also used to connect a username that was actually not allowed to connect a route in this case,

which is the default

user in Anthony's implementation. As far as the network traffic goes, I didn't really see anything

great here to pick up on or to use as a signature other than the fact that you have relatively

...