Introduction to malware

Malware = generic name for all kinds of malicious code!

  • Malware = Malicious Software = Malicious Code
  • Unit of execution = CPU + Memory ==> Malware
  • Myth: Linux - Unix - MacOS vs Windows (only Windows is affected)
  • Reality: all operating systems can run malware
  • 'All files' can host malware (except plain .txt!)

Types: Virus, Worm, Trojan, Backdoor, Keylogger, Spyware, Rootkit, Bot

Malware (first part)

  • Virus

    • Self-reproduction by infecting files
    • PE files (EXE, DLL, SYS, SCR, DRV, ...)
    • Non-PE: ... HTML?!
    • Virut?! Sality?!
    • SAMPLE NAME: W32/Virut.A.gen!Eldorado (generic, not disinfectable)
    • How?
      • Adding a section to an executable...
      • Adding VBS code into a HTML file...
    • DEMO Sality + Capside
  • Worm

    • Network Shares
    • Email
    • Removable media
    • Auto-infection via system VULNERABILITIES
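
A detection-side illustration of the "adding a section to an executable" infection pattern above, as an added example that is not part of the original notes: it parses the PE section table and flags two classic signs of a file infector such as Sality. The PE samples are constructed header-only images, and the two heuristics are my own simplifications, not any AV engine's logic.

```python
import struct

# Section characteristic flags from the PE format specification
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

def parse_pe(data):
    """Return (entry_point_rva, [(name, va, vsize, characteristics), ...])."""
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, = struct.unpack_from("<H", data, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)
    entry, = struct.unpack_from("<I", data, e_lfanew + 24 + 16)  # AddressOfEntryPoint
    sec_tab = e_lfanew + 24 + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsec):
        off = sec_tab + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va = struct.unpack_from("<II", data, off + 8)
        chars, = struct.unpack_from("<I", data, off + 36)
        sections.append((name, va, vsize, chars))
    return entry, sections

def infection_indicators(data):
    """Heuristics: entry point redirected into the last section, and a W+X section."""
    entry, sections = parse_pe(data)
    findings = []
    for i, (name, va, vsize, chars) in enumerate(sections):
        if va <= entry < va + vsize and i == len(sections) - 1 and len(sections) > 1:
            findings.append("entry point 0x%X lies in last section %s" % (entry, name))
        if chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE:
            findings.append("section %s is writable and executable" % name)
    return findings

def build_pe(sections, entry):
    """Constructed header-only PE image for testing (not a real binary)."""
    dos = bytearray(0x40); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 0x40)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0); struct.pack_into("<H", opt, 0, 0x10B); struct.pack_into("<I", opt, 16, entry)
    tab = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, va, vs, 0, 0, 0, 0, 0, ch)
                   for n, va, vs, ch in sections)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + tab

# Constructed samples: a clean layout, and one shaped like a Sality-style infection
# (entry point moved into the last section, which was also made writable and executable).
TEXT = (".text", 0x1000, 0x400, 0x60000020)
CLEAN = build_pe([TEXT, (".data", 0x2000, 0x200, 0xC0000040)], entry=0x1010)
INFECTED = build_pe([TEXT, (".data", 0x2000, 0x200, 0xE0000040)], entry=0x2100)
```

Real infectors vary (some hide the entry point behind a jump inside .text), so treat these flags as triage hints for a sample, not a verdict.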

Buffer Overflow

  • Major security issue that we are still facing
  • No solution?! Managed code?!
  • We are able to mitigate the damage caused by it (auditing source code - auditing binaries)
  • JAVA/CHROME/ADOBE sandboxes.
  • DEMO Dis MAMA Buffer Overflow

Malware (second part)

  • Trojan

    • Well-known story of Troy (the Trojan horse)
    • Social engineering!
    • Games, utilities, keygens, ...
    • What's inside is limited only by the imagination of the developer
    • Mostly created with kits (SubSeven, ProRAT)
  • Backdoor

    • Method of bypassing normal authentication, securing illegal remote access to a computer
    • The attacker is then able to re-access the system remotely
    • Stealthy
  • Keylogger

    • Keystroke logging
    • Also: screenshots
    • Also: applications + URLs + FORMS
    • Stealthy
    • Software/Hardware
    • Hardware: keyboard, USB, PS/2; captured data sent in real time!
    • DEMO: Free Keylogger
  • Spyware

Spyware is software that aids in gathering information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge. (*source: Wikipedia)

  • Rootkit

A rootkit is a stealthy type of software, often malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer. (*source: Wikipedia)

DEMO: (Windows) HxD + KD

  • Bot
    • C&C
    • Bot
    • DDoS

Cyber Weapon

  • STUXNET

Reference