docs: point to tech descriptions of network access

2025-10-21 08:02:55 -04:00 · 2025-10-21 08:02:55 -04:00 · e267f282c6
commit e267f282c6
parent 8905d027ea
2 changed files with 8 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -2,6 +2,8 @@

 Developed using libpcap to enable evading local firewalls and with an eye towards hiding itself from inspection. Deprecated in favor of sparse-v2 before being completely developed; the most significant tool this repository contributes is `sparse-05`.

+This repository weaponizes some of the concepts highlighted in [this blog post](https://andrew.riouxs.co/articles/20251017-direct-network-access.html)
+
 ## Significant Packages
 - [pcap-sys](./pcap-sys): A Rust wrapper around the libpcap library for Linux
 - [nl-sys](./nl-sys): A Rust wrapper around the netlink (nl) library on Linux
--- a/sparse-05/README.md
+++ b/sparse-05/README.md
@ -23,6 +23,12 @@ Sparse 0.5 is a stopgap solution until the C2 framework itself is more mature. I
 - A richer CLI with Sparse specific commands such as #upload, #download, and #edit
 - A Windows version using winpcap, with both standalone binary and service versions

+## How it works, or what makes this unique
+
+[Read the blog post about it](https://andrew.riouxs.co/articles/20251017-direct-network-access.html)
+
+Sparse 0.5 weaponizes libpcap to both receive and send packets. It listens at the network interface level, recreating IP packets to respond to a UDP stream inbound to a specific port. Due to how libpcap creates a raw socket, the only thing the operating system sees is arbitrary writes to the network interface, bypassing the ACLs and auditing included in the IP, UDP, and TCP protocol suites built into the operating system.
+
 # Obtaining

 Sparse 0.5 is immediately ready to build from source if using the [Nix package manager](https://nixos.org/download) [with flakes enabled](https://nixos.wiki/wiki/Flakes) by running `nix build .#sparse-05-client`.