anshulpandey222

LCSP Level 1 : Session 6

Feb 12th, 2019
Session 6
==========


Trojans : A type of MALWARE that the user thinks is for their own benefit, but which, unseen, is hollowing out their system from the inside.
It is a type of malware which at first seems to be a beneficial thing for a person but is basically harming the person at the backend, in the background.
It basically provides backdoor access to a system without the consent of the system owner.



Trojans can be differentiated on the basis of connections:

1. Forward connection based trojans
2. Reverse connection based trojans



1. Forward Connection
---------------------
When the attacker has the target's IP address, he can directly attack the system. (The whole game is about the victim's IP address.)
1. Target keeps on moving --> IP address of the target will keep on changing
2. It will be very, very hard for an attacker to get the target's IP address every time the target changes location.



2. Reverse Connection
---------------------
This is the current type of trojan that is implemented nowadays, in which an attacker uses his/her own IP address to launch an attack. It is not required to know the IP address of the victim. The trojan developed by the hacker is sent to the victim, and when the victim executes it the attacker gets access.

The tool used to make a trojan is a third-party tool known as a Remote Administrative Tool (RAT).
eg: Dark Comet
NjRAT
Nanocore etc...

Note: The RATs created from the above tools or from somewhere else could be implemented on the internet and on an intranet, but the procedure varies...
INTRANET : when the attacker and the victim are on the same network
INTERNET : when the attacker and the victims are on different networks (using DDNS and port forwarding).

Dark Comet demo...


Anti-Malware :
================
Software that is made to detect malware and prevent it from destroying the system.
Like : anti-virus or web security

How the Anti-malware programs work:
------------------------------------
They basically work on the basis of signatures and definitions. Every application created has its own signature, so these anti-malware programs have a database of signatures (of trojans). So when they find an application's signature in their database they consider it to be a virus or trojan and simply remove it or ask which action to take...
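Added example, not part of the session notes: a minimal signature scanner in Python that shows the two kinds of "definition" the paragraph above describes, an exact-hash definition (the file's SHA-256 is in the database) and a byte-pattern definition (a characteristic byte sequence of a family is found in the file). The "known bad" bytes, the signature names and the quarantine step are all constructed for illustration and are not a real malware sample or a real vendor database. The pattern definition is included because an exact-hash definition only matches the identical file, which is why real engines pair hashes with patterns and heuristics.

```python
import hashlib
import re

# Constructed "known bad" file content (hypothetical, not real malware).
KNOWN_BAD = b"MZ\x90\x00FAKE-RAT-STUB connect_back=10.0.0.5:4444 keylog=1"

# Definition type 1: exact-content signature, keyed by SHA-256 of the file.
HASH_DB = {
    hashlib.sha256(KNOWN_BAD).hexdigest(): "Trojan.Constructed.Sample",
}

# Definition type 2: byte pattern characteristic of the (constructed) family.
# A pattern survives small changes to the file that would change its hash.
PATTERN_DB = {
    re.compile(rb"FAKE-RAT-STUB connect_back=\d+\.\d+\.\d+\.\d+:\d+"):
        "Trojan.Constructed.Sample",
}


def scan_bytes(data: bytes) -> dict:
    """Return a verdict for a file's bytes: which definition (if any) matched."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_DB:
        return {"verdict": "malicious", "method": "hash", "name": HASH_DB[digest]}
    for pattern, name in PATTERN_DB.items():
        if pattern.search(data):
            return {"verdict": "malicious", "method": "pattern", "name": name}
    return {"verdict": "clean", "method": None, "name": None}


def scan_and_act(data: bytes, quarantine: list) -> str:
    """Mimic the 'remove it or ask for action' step: quarantine on a match."""
    result = scan_bytes(data)
    if result["verdict"] == "malicious":
        quarantine.append(result["name"])   # in a real engine: move file aside, alert
        return "quarantined"
    return "allowed"


if __name__ == "__main__":
    q = []
    print(scan_bytes(KNOWN_BAD))                 # matched by hash
    print(scan_bytes(KNOWN_BAD + b"\x00"))       # hash differs, pattern still matches
    print(scan_bytes(b"plain document text"))    # clean
    print(scan_and_act(KNOWN_BAD, q), q)
```

Run the block directly to see the three verdicts; `scan_and_act` is the piece a defender would wire to an alert or a quarantine directory.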

https://www.youtube.com/watch?v=bTU1jbVXlmM


How to evade these Anti-Malware:
---------------------------------
To evade these anti-malware programs we require software termed binders and cryptors, which help in modifying the signature, making a new signature which is not present in their database. So basically our target is to make a trojan or virus FUD (Fully UnDetectable).

Cryptors are those applications which act as an extra coating layer on an application, providing their own self-generated "signatures".

Binders are those applications which bind the malware with any other file (a file which seems useful to the user, but the trojan is bound with it and will run in stealth mode).

Some of these cryptors are : Chrome Crypter, Urge Crypter

BOTNETS : roBOT in a NETwork
These are the devices that are infected by trojans or viruses, which can be controlled by a single attacker and used for several attacks like DDoS...

ROOTKITS : Rootkits are those malicious applications or codes which are installed in the boot option such as the BIOS and start executing on every startup.

-----------------------------------------
SECURE SYSTEM CONFIGURATION
===========================


1. CMD > netstat -ona
(This will show all the sockets : IP+port connections with their states on that particular machine)
= o stands for ports
= n stands for network IPs
= a stands for all connections and ports

2. CMD > tasklist
   CMD > taskkill /PID ___ /F

3. Check the startup entries and maintain the list for the machine.

4. Task Manager > Processes > kill the PID (Process ID) of the malicious executable (exe)

5. Check the firewall status and create new rule sets. > Outbound Rules & Inbound Rules

6. Check the services running on the machine.
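Added example, not from the session notes: steps 1, 2 and 4 above are done by eye on a real machine; the Python script below does the same correlation over constructed `netstat -ona` and `tasklist` output (the sample text is made up, not captured from any real host) and returns every ESTABLISHED TCP session to a host outside an assumed trusted LAN together with the owning process, which is exactly the list a reverse-connection trojan would show up on. For reference, in `netstat -ona` the `-o` switch displays the owning process ID, `-n` shows addresses and ports numerically, and `-a` shows all connections and listening ports. The trusted network `192.168.1.0/24`, the process names and the IP addresses are assumptions.

```python
import ipaddress

# Constructed sample of "netstat -ona" output (not from a real machine).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:49712     203.0.113.45:443       ESTABLISHED     3120
  TCP    192.168.1.20:49720     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49733     198.51.100.7:4444      ESTABLISHED     5488
  UDP    0.0.0.0:5355           *:*                                    1200
"""

# Constructed sample of "tasklist" output (not from a real machine).
TASKLIST_SAMPLE = """
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System                           4 Services                   0        148 K
svchost.exe                    912 Services                   0     12,340 K
chrome.exe                    3120 Console                    1    210,512 K
svchost.exe                   1200 Services                   0      8,100 K
updater.exe                   5488 Console                    1     14,220 K
"""

# Assumed trusted LAN; anything else is treated as "outside" and worth a look.
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]


def parse_netstat(text):
    """Parse 'netstat -ona' rows into dicts; UDP rows carry no State column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue                      # header / blank / title lines
        if parts[0] == "TCP":
            proto, local, foreign, state, pid = parts
        else:
            proto, local, foreign, pid = parts
            state = ""
        rows.append({"proto": proto, "local": local, "foreign": foreign,
                     "state": state, "pid": int(pid)})
    return rows


def parse_tasklist(text):
    """Map PID -> image name from 'tasklist' output."""
    procs = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[1].isdigit():
            procs[int(parts[1])] = parts[0]
    return procs


def split_endpoint(endpoint):
    """'host:port' -> (host, port); works for '*:*' as well."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def is_external(host):
    """True for a routable address that is not loopback, link-local or on the trusted LAN."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False                      # '*' or a hostname placeholder
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified:
        return False
    return not any(ip in net for net in LOCAL_NETS)


def suspicious_connections(netstat_text, tasklist_text):
    """ESTABLISHED TCP sessions to hosts outside the trusted LAN, with the owning process."""
    procs = parse_tasklist(tasklist_text)
    findings = []
    for row in parse_netstat(netstat_text):
        host, port = split_endpoint(row["foreign"])
        if row["state"] == "ESTABLISHED" and is_external(host):
            findings.append({"pid": row["pid"],
                             "image": procs.get(row["pid"], "?"),
                             "remote": f"{host}:{port}"})
    return findings


def kill_command(pid):
    """The taskkill line from step 2 for a PID the analyst has decided to terminate."""
    return f"taskkill /PID {pid} /F"


if __name__ == "__main__":
    for f in suspicious_connections(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f, "->", kill_command(f["pid"]))
```

The output is a review list, not a verdict: `chrome.exe` talking to port 443 is expected, while an unknown `updater.exe` holding a session to an outside host on an unusual port is the kind of entry to check against the startup entries (step 3) and services (step 6) before terminating it.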

https://lucideustech.blogspot.com/2018/02/tracing-and-terminating-reverse.html