mauigaq.blogg.se - How to detect rat using tcpview

WannaCry - famous ransomware within 24 hours had 230,000 victims exploited unpatched SMB vulnerability.Ransomware - malicious software designed to deny access to a computer until a price is paid usually spread through email.Fake Antivirus - tries to convince a user has a virus and have them download an AV that is a virus itself.Usually installed by user clicking on malicious file attachments or downloads.Virus - self-replicating program that reproduces by attaching copies of itself into other executable code.Log file can be found at c:\windows\system32\sigverif.txt.SIGVERIF - build into Windows to verify the integrity of the system.Tripwire - integrity verifier that can act as a HIDS in protection against trojans.Msconfig - Windows program that shows all programs set to start on startup.Process Explorer - Microsoft tool that shows you everything about running processes.netstat -b - displays all active connections and the processes using them.netstat -an - shows open ports in numerical order.Offers DNS forwarding, port mapping and forwarding and proxying.Can connect over TCP or UDP, from any port.From attack machine nc -l -p 5555 opens a listening port on 5555.Provides all sorts of control over a remote shell on a target.Covert Channel Tunneling Trojan (CCTT) - a RAT trojan creates data transfer channels in previously authorized data streams.Command Shell Trojan - Provides a backdoor to connect to through command-line access.Trojans are means of delivery whereas a backdoor provides the open access.To hackers, it is a method to gain and maintain access to a system.Trojans - software that appears to perform a desirable function but instead performs malicious activity.Exploit Kits - help deliver exploits and payloads.Packers - use compression to pack the executable which helps evage signature based detection.Crypters - use a combination of encryption and code manipulation to render malware undetectable to security programs.Wrappers - programs that allow you to bind an executable to an innocent file.

Covert Channels - used to transport data in unintended ways.

Overt Channels - legitimate communication channels used by programs.

Most is downloaded from the Internet with or without the user’s knowledge.

Malware - software designed to harm or secretly access a computer system without informed consent.