- SECTION 12
- Anti-Malware :
- ================
- Software made to detect malware and prevent it from destroying the system.
- Examples: anti-virus or web security products.
- How the Anti-malware programs work:
- ------------------------------------
- They basically work on the basis of signatures and definitions. Every application has its own signature, and anti-malware programs keep a database of signatures (of trojans). When they find an application's signature in the database, they consider it to be a virus or trojan and either remove it or ask which action should be taken.
- https://www.youtube.com/watch?v=bTU1jbVXlmM
- What are signatures in antivirus?
- --> A unique string of bits, or the binary pattern, of a virus.
- --> The virus signature is like a fingerprint in that it can be used to detect and identify specific viruses. Anti-virus software uses the virus signature to scan for the presence of malicious code.
- How to evade these Anti-Malware:
- ---------------------------------
- To evade these anti-malware programs we require software termed binders and crypters, which help in modifying the signature, producing a new signature that is not present in their database. So basically our target is to make a trojan or virus FUD (Fully UnDetectable).
- Crypters are applications that act as an extra coating layer around an application, providing their own self-generated "signatures".
- Binders are applications that bind the malware to another file (a file that seems useful to the user, while the trojan bound to it runs in stealth mode).
- Some of these crypters are: Chrome Crypter, Urge Crypter
- BOTNETS : roBOT in a NETwork
- These are devices that are affected by trojans or viruses, which can be controlled by a single attacker and used for several attacks such as DDoS.
- ROOTKITS : Rootkits are malicious applications or code installed in boot components such as the BIOS, which start executing on every startup.
- Netstat:
- -------
- --> netstat (network statistics) is a command line tool for monitoring network connections, both incoming and outgoing.
- --> netstat is available on all Unix-like operating systems and on Windows as well. It is very useful for network troubleshooting and performance measurement.
- --> netstat is one of the most basic network service debugging tools, telling you what ports are open and whether any programs are listening on ports.
- CMD > $ netstat -ona
- (This will show all the Sockets : IP+Port Connections with their Stats of that particular machine)
- = o stands for ports
- = n stands for network IPs
- = a stands for all connections and ports
- https://lucideustech.blogspot.com/2018/02/tracing-and-terminating-reverse.html