Techniques for Hiding and Detecting Traces aka. Crouching Admin, Hidden Hacker

More info on http://techdays.be.

Published in: Technology

  • Show service GOOD.exe -> Reboot Client; [SRV] Account rename; Firewall (Not) Monitoring; Registry Monitor; Client should be already booted; Reboot Server for PSPY.dll
  • [20]
  • [CLIENT] Offline; Rename GOOD to BAD
  • [CLIENT] Utilman - rename; sfc /verifyonly; [SRV] Pspy - load
  • After utilman.exe -> Get.cmd -> Change the identity store
  • [30]
  • Procmon - PWNED by the Cat -> What/Why?
  • Procexp -> lsass.exe -> loaded
  • Network Miner; Network Monitor; Logman start -ets | -o .etl -p <TRACE>; Logman stop -ets; Tracerpt .etl -o .txt
  • [40 - 45]
  • ;->1. Debugger running -> PIPE=Debug!
  • Debugger running -> PIPE=W7! Start W7-CLI -> Kernel debugging; WEB -> W7 audiodg.exe, notepad.exe; Symbol Type Viewer
  • Mimi online

Transcript

    • 1. Crouching Admin, Hidden Hacker Paula Januszkiewicz CQURE: CEO, Penetration Tester iDesign: Security Architect
    • 2. Contact Paula Januszkiewicz CQURE: CEO, Penetration Tester iDesign: Security Architect paula@cqure.pl | paula@idesign.net http://idesign.net
    • 3. Session Goals: Be familiar with the possibilities of the operating system
    • 4. Agenda
    • 5. Operating System Accountability
    • 6. Agenda
    • 7. Operating System Logging Mechanisms http://www.clearci.com
    • 8. Logs Less & More Advanced
    • 9. Hacker’s Delivery
    • 10. Services & ACLs demo
    • 11. Replacing Files
    • 12. "Vulnerabilities" demo
    • 13. Launching Evil Code
    • 14. http://stderr.pl/cqure/stuxnet.zip
    • 15. Services (In)Security
    • 16. From A to Z - DLLs
    • 17. Kernel Traces
    • 18. Areas of Focus
    • 19. Agenda
    • 20. Dirty Games: Hiding Mechanisms
    • 21. Hidden Processes
    • 22. Dirty Games: Protection Mechanisms
    • 23. Protected Processes
    • 24. Dirty Games: Hooks
    • 25. Hooking
    • 26. 3 of 10 Immutable Laws of Security
    • 27. Agenda
    • 28. Summary