System hijacking using RAT


null Pune February 2012 Meet

Published in: Education, Technology

  1. Nehal Tanna
  2. Remote Access Trojan / Remote Administration Tool. It is a malware program that provides a back door for administrative control over the victim's computer.
  3. Client/Server model.
     • Server program, client program.
     • Types of port listening:
       o Active listening.
       o Passive listening (most frequently used).
  4. • File binders (txt, mp3, mp4, jpeg, mpeg, docx).
     • Java exploit.
     • autorun.inf.
     • Email attachment.
     • Games or software setup programs.
  5. • A Trojan program uses a set of APIs, e.g. in VB: System.Net, System.Net.Sockets.
     • AV keeps a database of these API calls.
     • AV programs send the source code of suspicious files to their database.
     • Samples also come from honeypot sites such as virustotal.com, a multi-AV scanner with more than 43 AV engines.
  6. • Crypting techniques:
       o Fake API calls.
       o Changing entry points.
       o Changing variable names.
       o Including payloads.
     • Private RAT versions.
     • Crypters and stub programs:
       o VB crypters and Java crypters.
       o Private versions and public versions.
     • Manual hexing.
     • Changing the ICO file.
  7. www.no-ip.com/ www.dnsdynamic.org/
  8. • netstat (cmd -> netstat -a).
     • Close unused ports.
     • Frequently monitor network traffic.
     • Process Explorer.
     • Sandboxie.
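
The netstat check from slide 8, as an added example that is not part of the original slides: a Python script that reads Windows `netstat -ano` output and flags listening ports and outbound sessions that are not on an allowlist. The `-n` and `-o` flags (numeric addresses, owning PID) are used in addition to the slide's `-a`; the sample rows, the allowlists and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in Windows `netstat -ano` format (not captured data).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:50123          0.0.0.0:0              LISTENING       3120
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1780
  TCP    192.168.1.20:49712     203.0.113.45:8081      ESTABLISHED     3120
  TCP    192.168.1.20:49730     198.51.100.7:443       ESTABLISHED     2244
  TCP    [::]:445               [::]:0                 LISTENING       4
"""

# Assumptions: what this particular host is expected to expose and to contact.
EXPECTED_LISTEN = {135, 445}
EXPECTED_REMOTE = {80, 443}


def split_endpoint(ep):
    """Split 'addr:port' or '[v6]:port' into (ip_address, port)."""
    host, _, port = ep.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)


def review(netstat_text, listen_ok=EXPECTED_LISTEN, remote_ok=EXPECTED_REMOTE):
    """Return sorted (reason, local, remote, pid) findings for TCP rows."""
    findings = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue  # header, blank lines, UDP rows (no State column)
        _, local, remote, state, pid = f
        lip, lport = split_endpoint(local)
        if state == "LISTENING":
            # Loopback-only listeners are not reachable from the network.
            if not lip.is_loopback and lport not in listen_ok:
                findings.add(("unexpected-listener", local, remote, int(pid)))
        elif state == "ESTABLISHED":
            rip, rport = split_endpoint(remote)
            if not rip.is_loopback and rport not in remote_ok:
                findings.add(("unusual-remote-port", local, remote, int(pid)))
    return sorted(findings)


if __name__ == "__main__":
    for reason, local, remote, pid in review(SAMPLE):
        print(f"{reason:20} {local:22} -> {remote:22} PID {pid}")
```

The PID in each finding can be looked up in Process Explorer to see which executable owns the socket before the port is closed.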
