Certainly, this program has a number of features which I needed on a daily basis in my WiFi testing lab. We had hundreds of headless machines running in isolation chambers which needed automated tools for remote controlling all aspects of the system.
Back in the day, we programmed our own agent to do things like provide remote program execution, file system access, NDIS/OLE/DCOM control, traffic generation, packet capture, system profiling, key-press and mouse-click macros for UI automation, etc. We had many of the same options for automating how the agent was installed, such as customizing the build for automatic deployment across various environments. We had automated PXE combined with a Ghost program where we could snapshot and deploy images to the machines straight from a TCL API. We had ways to throw up screens on the UI to indicate tests were in progress and lock the machine for interactive use.
About 15 years ago I actually spent several man-years building much of the functionality which is now contained within NanoCore. And while we didn't provide specifically SYN flood, we wrote wrappers for iperf to be able to load the executable onto the machine, and a TCL API around running iperf in server or client mode and capturing and parsing the output. We also wrote our own L2 traffic generator which trivially could have been used to generate SYN floods, although we were more interested in particular with generating "pure" traffic patterns to find the synthetic maximum possible throughput, as well as ideally sized packets for WiFi range and ACI testing.
The Azimuth WSC -- as it was called -- met every definition of a modern-day "RAT" except that of course its official purpose wasn't malware.
FWIW, Apple's Remote Desktop tool does almost everything this guy's RAT does.
Except: You can't disable webcam lights with it. And you can't SYN flood (directly) with it. It is trivial to run a few shell commands and install tools that let you SYN flood. Why would a RAT include that by default? I think it will come down to a couple of the small, hard-to-justify features coupled with the overall packaging and history of the software that really spell out a story of intent from the author that lands him in jail.
Intent, and the story that gets told in court, really matters. Plus we don't have the totality of the evidence.