The payload described above establishes an encrypted channel that is secure against passive eavesdropping, both during and after the attack. It is not, however, perfectly secure against a malicious user able to perform a man-in-the-middle attack, because the public key of the payload delivery server is included in the exploit. An attacker taking advantage of this must be able to actively identify and intercept the exploit as it is being delivered to the target. This is somewhat unlikely, as it requires an exact signature for the specific exploit being used or a means to identify, simulate, and replace polymorphic self-decoding executable code.
Assuming that the exploit delivery has not been tampered with, the delivery of, and communication with, the target-side scripting system is secure against both eavesdropping and man-in-the-middle attacks. An active attacker with knowledge of the plaintext may, however, modify the corresponding bytes within the RC4-encrypted streams, since RC4 provides confidentiality but no integrity protection. The delivered executable does nothing to protect itself against recovery from the target filesystem. This is typically not an issue in professional penetration testing and intentionally makes the payload unsuitable for illicit activities. The mission logic encapsulated in Lua script, however, is never written to disk and is secure against eavesdropping and filesystem recovery.
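The malleability noted above is a general property of any unauthenticated stream cipher, RC4 included: flipping a ciphertext bit flips the same plaintext bit, so an intermediary who knows part of the plaintext can rewrite it without the key. The following Python, added here as an example and not code from the paper's payload, implements textbook RC4, shows a plaintext-level modification going through on a bare stream, and shows the same modification being rejected once the ciphertext carries an HMAC (encrypt-then-MAC). The keys, the message, and the offset are constructed for the demonstration; RC4 itself has well-known keystream biases and has been withdrawn from modern protocols, and the MAC addresses only the integrity gap discussed here.

```python
import hmac
import hashlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Generate `length` bytes of RC4 keystream (textbook KSA + PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """RC4 is a stream cipher: encryption and decryption are the same XOR."""
    return bytes(d ^ k for d, k in zip(data, rc4_keystream(key, len(data))))


def apply_plaintext_delta(ciphertext: bytes, offset: int,
                          known: bytes, desired: bytes) -> bytes:
    """Malleability of an unauthenticated stream cipher: XOR-ing (known ^ desired)
    into the ciphertext at `offset` changes what the receiver decrypts there,
    without knowledge of the key. This is the property the text warns about."""
    assert len(known) == len(desired)
    ct = bytearray(ciphertext)
    for n, (a, b) in enumerate(zip(known, desired)):
        ct[offset + n] ^= a ^ b
    return bytes(ct)


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: append an HMAC-SHA256 tag over the ciphertext."""
    ct = rc4_crypt(enc_key, plaintext)
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return ct + tag


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes):
    """Verify the tag in constant time before decrypting; None if tampered."""
    if len(blob) < 32:
        return None
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return rc4_crypt(enc_key, ct)


def demo():
    """Constructed scenario: a short setting sent over the RC4 stream."""
    key = b"constructed-session-key"           # constructed, not a real key
    msg = b"set level=low"                     # sender's plaintext
    ct = rc4_crypt(key, msg)

    # Bare stream: an intermediary who knows the bytes "low" sit at offset 10
    # can turn them into "max" without the key, and the receiver accepts it.
    forged = apply_plaintext_delta(ct, 10, b"low", b"max")
    unauth_result = rc4_crypt(key, forged)

    # Authenticated stream: the same modification breaks the tag and is rejected.
    mac_key = b"constructed-mac-key"           # constructed, not a real key
    blob = seal(key, mac_key, msg)
    tampered = apply_plaintext_delta(blob, 10, b"low", b"max")
    auth_result = open_sealed(key, mac_key, tampered)
    return unauth_result, auth_result


if __name__ == "__main__":
    unauth, auth = demo()
    print("unauthenticated stream decrypts to:", unauth)
    print("authenticated stream result:", auth)
```

The RC4 routine can be checked against the public test vector (key `Key`, plaintext `Plaintext`) before trusting the demonstration; in practice a modern AEAD construction should replace the RC4-plus-HMAC pairing entirely.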
Future work will enrich the capabilities of the system to perform in-memory Lua interpreter injection and to implement richer cryptographic support within the Lua interpreter. In addition, research into secure asynchronous command-and-control protocols would provide an ideal remote management system for deployed payloads. The author believes that penetration-testing techniques and tools must grow to resemble the technology used by Internet attackers in drive-by downloads, botnets, and e-mail attacks in order to better evaluate an organization's defenses against these threats.