Hello,
I would like if you could help me to clarify the difference between HVNC and Hidden Browser.
My understanding goes like this:
HIDDEN REMOTE BROWSER
* Not a real VNC implementation. Sometimes sold as HVNC.
* The module/bot creates a hidden desktop, then launches a browser process within the desktop.
* The module/bot takes constant screenshots of the browser and sends them back to the C2/controller.
* On the C2/controller the screenshots are shown and you can send events (click, key pressed, copy, etc) to the module.
* The module binds those events commands with the coordinates (x/y) and recreates the event on the browser.
* You can only use a web browser. No other apps, or windows components.
* TinyNuke is an example of hidden browser.
HVNC
* An implementation of a real VNC library (TightVNC, NOVnc, etc).
* Compiled binaries/dlls to run the server on the pc are used or the source code is compiled to a custom module.
* The VNC server (which runs on the pc) is launched within a hidden desktop.
* You can open any app you want as a normal user would do on a normal desktop.
* The library does the heavy lifting of the communcations, the screenshots, binding events (clicks,keys,etc)
Are the assumptions correct? Any other remarks?
I'm coding in C++ and didn't really knew which category to put the thread on.
Thanks