
Trojans - nullhyd September Humla

Introduction to malware
Creating RATs
Extension spoofing
Impact of RATs
Detection and manual removal
Issues with communication
Hands on with DarkComet


  1. Null Humla - Hyderabad
  2. • Just a security enthusiast.
     • Working as a Security Analyst at Anthelio.
     • Ex-Trainer at Innobuzz, Hyderabad.
     • bheemamahesh@gmail.com, @0xmahesh
  3. • Malware is just a piece of software that is designed to do something malicious or unwanted.
     • Malware is a general term that covers a variety of malicious programs.
     • The malware trend has shifted to making money rather than causing damage.
  4. • Virus
     • Worm
     • Trojan
     • Rootkit
     • Botnet
     • Spyware/Adware
     • The list goes on…
  5. • Malware will also seek to exploit existing vulnerabilities on systems to make its entry quiet and easy.
     Note: one malware sample may combine many elements, and hence it could fall into more than one category.
  6. • Like its living counterpart, a computer virus infects your computer, taking control over some or all of its functions.
     • A virus requires human interaction.
     • A virus is a harmful program or code that attaches itself to another piece of software and then reproduces itself when that software is run.
  7. • Worms are stand-alone programs that are able to transmit themselves across a network directly. Unlike a computer virus, worms do not need to attach themselves to an existing program.
     • Worms don't need human interaction.
     • A worm will replicate itself and eat up system resources.
  8. • A Trojan horse, commonly known as a "Trojan", is malware that masquerades as a legitimate program. The program may even have a legitimate function.
     • A Trojan can give a malicious party remote access to an infected computer.
  9. • A rootkit can be any malicious file, like a virus, trojan, etc.
     • Rootkit prevention, detection, and removal can be difficult due to their stealthy operation.
     • A rootkit continually hides its presence; typical security products are not effective in detecting and removing rootkits.
  10. • A botnet is nothing but a collection of robots in a network. In short, "botnet" is derived from "robot" and "network".
     • Botnets can be collections of slaves used for financial gain, e.g. DDoS.
     • Botnets are centrally controlled.
     • Botnets may use databases to store user info.
     • Botnets collect important info using form grabbers.
  11. • Spyware is software that spies on you, tracking your internet activities without your knowledge in order to send advertising (adware) back to your system.
     • Adware is a type of malware that automatically delivers advertisements.
  12. • Enter the attacker's IP and port specification, which in turn enables the back connection, as the victim needs to know the IP and port to which it has to connect.
     • We can also use the DMZ option instead of port forwarding to achieve the connection, which exposes your IP publicly.
  13. • Almost everyone has a dynamic IP address, which means your IP address can change at any moment and you will lose all your slaves/bots.
     • Dynamic DNS prevents this by telling all bots to resolve your Dynamic DNS host, which tells the bots what your IP address is.
  14. • Register a no-ip account.
     • Add a host by choosing a hostname.
     • Download the no-ip client and log in.
  15. • Log your keystrokes to steal private data (credentials, credit card info, conversations, etc.)
     • Install other malware programs
     • Modify files on your machine
     • View your entire screen, monitor and even control your activity
     • Use your machine to perform DDoS attacks
     • Use your machine as a proxy
  16. • Trojans require port forwarding because, for packets to reach your computer through the router, the router needs to know which computer on the network to send the packets to; you tell the router to forward any packets sent to a specific port to a specific address on the network.
  17. • The majority of routers support port forwarding; it might be called by different names, like Port Forwarding, Virtual Server, etc.
     • In most cases this option is found under the Security / Firewall / Advanced section.
  18. • Using Character Map in Windows, one can spoof file extensions with the Right-to-Left Override character.
     • With this character, the part of the file name after it is rendered reversed, which in turn spoofs the extension the user sees.
  19. By checking the following:
     • Network statistics
     • Startup entries
     • Registry entries
     • Running services
     • Sometimes the behavior of the machine
  20. Thank you all for bearing with me. Special thanks to Magna Quest for the venue.
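As an added defender-side example (not part of the slides), here is a Python check for the Right-to-Left Override trick from the extension-spoofing slide, usable alongside the manual-detection checklist: it flags file names containing Unicode bidi control characters and reports the real extension next to the extension a user would see. The sample names and the `scan`/`inspect_filename` helpers are constructed for this example.

```python
from pathlib import PurePath

# Unicode bidirectional control characters. RLO (U+202E) is the one used by
# the extension-spoofing trick; the others are flagged too because they can
# be combined to achieve the same visual effect.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}


def approximate_display(name: str) -> str:
    """Approximate how a name renders when it contains one RLO: everything
    after the override is drawn reversed. Nested overrides are not modelled;
    for those the controls are only stripped, and the name is still flagged."""
    head, rlo, tail = name.partition("\u202e")
    head = "".join(c for c in head if c not in BIDI_CONTROLS)
    tail = "".join(c for c in tail if c not in BIDI_CONTROLS)
    return head + (tail[::-1] if rlo else tail)


def inspect_filename(name: str) -> dict:
    """Return the real extension (what the OS executes) alongside the
    extension a user would see, plus the control characters found."""
    controls = [(i, BIDI_CONTROLS[c]) for i, c in enumerate(name) if c in BIDI_CONTROLS]
    shown = approximate_display(name)
    return {
        "name": name,
        "controls": controls,
        "real_extension": PurePath(name).suffix.lower(),
        "displayed_as": shown,
        "displayed_extension": PurePath(shown).suffix.lower(),
        "suspicious": bool(controls),
    }


def scan(names):
    """Return the report for every name that carries a bidi control character."""
    return [r for r in map(inspect_filename, names) if r["suspicious"]]


# Constructed sample names (hypothetical, not from any real incident).
SAMPLE_NAMES = [
    "report.pdf",
    "photo\u202egnp.exe",  # a file browser shows this roughly as "photoexe.png"
    "setup.exe",
]

if __name__ == "__main__":
    for r in scan(SAMPLE_NAMES):
        print(f"{r['displayed_as']!r} is really {r['real_extension']} {r['controls']}")
```

Running the same check over a directory listing or a mail gateway's attachment names is a cheap way to catch this trick before a user double-clicks.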