
methodology

Rootkit test 3

Rootkit technologies detection and prevention: - with Rootkit Demo 1.2: this Russian demo is designed to hide its presence and to make the speaker beep. RKDemo does not use any particular hiding method, but takes advantage of Windows functions (returns an...


METHODOLOGY Part 2

PART 2: IN THE WILD WITH REAL MALWARE 7) Boot Sector/BIOS/MBR protection: MBR virus. When a computer is protected neither by a BIOS password nor by an antivirus (only a HIPS), an ill-intentioned person can easily boot the computer from external drives...


METHODOLOGY Part 3

CLIENT/SERVER SIDE ATTACKS and other tests: here we distinguish attacks which occur via the browser from malware which infects the system. NB: as some vulnerabilities may be patched quickly, the tests are run on Windows XP2 updated until the...


METHODOLOGY Part 1

FIRST PART based on the behaviour (more screenshots here) 1a. Execution protection - with the Task Manager launched via Ctrl+Alt+Del - via the Start menu and Run - with srip32 launched by explorer.exe - with shellcode for running notepad.exe and calc.exe (2...


Oddysee Rootkit Test

This rootkit is a pure "hider" (intrusion or hacker tool): it acts as a hidden service/driver. But it does not hide its registry keys, which makes it easy to detect for users who know their system well. In this example, we purposefully take the side and...


data theft tests 2

Data theft via sniffing: f. with a command line sniffer (currently detected by no antivirus on VirusTotal): we run the sniffer (locally) and connect to the web mail. g. with Sniffer (renamed, not detected by antivirus on VirusTotal): we run (locally)...


Data theft tests

Here we illustrate some data theft attacks which can really be used in the wild. a. with a trojan demo: this demo illustrates an "on the fly data theft attack": once executed, it launches calc.exe, lists the files in the My Documents folder and reports them (HTML)...


DefenseWall Test Part 2 - continued -

Continuation of Part 2 b) Worms and viruses * With Feebs: the .hta file does launch IE on a false "hotmail.com secure mail server" link; mshta.exe is 'untrusted' too. Except for the 100% CPU annoyance, nothing happens once the 'untrusted' processes are killed. Passed...


ROOTKIT Test 2

For the purpose of this test, we use two demonstrations which illustrate some rootkit methods, technologies or behaviours. a. The first demonstration illustrates a hidden process method via EPROCESS (physical memory access, ntoskrnl mapping etc.). We use...

