From e267f282c6829a13a494a90511ad8aad07130157 Mon Sep 17 00:00:00 2001 From: Andrew Rioux Date: Tue, 21 Oct 2025 08:02:55 -0400 Subject: [PATCH] docs: point to tech descriptions of network access --- README.md | 2 ++ sparse-05/README.md | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/README.md b/README.md index 022c63c..83379c4 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,8 @@ Developed using libpcap to enable evading local firewalls and with an eye towards hiding itself from inspection. Deprecated in favor of sparse-v2 before being completely developed; the most significant tool this repository contributes is `sparse-05`. +This repository weaponizes some of the concepts highlighted in [this blog post](https://andrew.riouxs.co/articles/20251017-direct-network-access.html) + ## Significant Packages - [pcap-sys](./pcap-sys): A Rust wrapper around the libpcap library for Linux - [nl-sys](./nl-sys): A Rust wrapper around the netlink (nl) library on Linux diff --git a/sparse-05/README.md b/sparse-05/README.md index 76ba831..e7dfb78 100644 --- a/sparse-05/README.md +++ b/sparse-05/README.md 
@@ -23,6 +23,12 @@ Sparse 0.5 is a stopgap solution until the C2 framework itself is more mature. I - A richer CLI with Sparse specific commands such as #upload, #download, and #edit - A Windows version using winpcap, with both standalone binary and service versions +## How it works, or what makes this unique + +[Read the blog post about it](https://andrew.riouxs.co/articles/20251017-direct-network-access.html) + +Sparse 0.5 weaponizes libpcap to both receive and send packets. It listens at the network interface level, recreating IP packets to respond to a UDP stream inbound to a specific port. Due to how libpcap creates a raw socket, the only thing the operating system sees is arbitrary writes to the network interface, bypassing the ACLs and auditing included in the IP, UDP, and TCP protocol suites built into the operating system. + # Obtaining Sparse 0.5 is immediately ready to build from source if using the [Nix package manager](https://nixos.org/download) [with flakes enabled](https://nixos.wiki/wiki/Flakes) by running `nix build .#sparse-05-client`.
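Review bot: In the README.md hunk, the added sentence uses "this blog post" as its link text and has no closing period. Link text that names the topic (the URL slug reads "direct-network-access") tells a reader where the link goes without following it. The sentence could also say which concepts it means, since the paragraph directly above describes the repository as deprecated in favor of sparse-v2 and singles out `sparse-05` as the significant tool. The same link is added again in sparse-05/README.md, so one of the two could carry the fuller description and the other a short pointer.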
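Review bot: In the sparse-05/README.md hunk, the new heading `## How it works, or what makes this unique` is level 2 while the `# Obtaining` heading that follows is level 1, so the section nests under whatever section holds the bullet list above it; `#` would make it a peer of `# Obtaining`. In the added paragraph, "the operating system" is unqualified even though the list item just above mentions a Windows version using winpcap, and the bypass claim covers "IP, UDP, and TCP" although the paragraph only describes responding to a UDP stream. "The only thing the operating system sees" is also stated as an absolute. Suggest naming the platform the description applies to, limiting the claim to the UDP path the paragraph describes, and naming the specific controls that are not applied (the root README says "local firewalls"), so a reader can tell what would still be observable at the network interface level.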