Hacking with Remote Admin Tools (RAT)

This presentation is a fun introduction to the tools used by script kiddies, namely the Remote Admin Tools (or Remote Access Trojans). These GUI based hacking tools include a lot of funny and scary features.


  1. Hacking with Remote Admin Tools (RATs). Zoltan Balazs, CTO @ MRG Effitas. Budapest IT Security Meetup, January 2014.
  2. Remote admin tools: could be legitimate, but usually it is not. All the features needed for remote administration: upload/download files, registry editor, shell commands, remote desktop. Using a RAT might be illegal, and might be considered a crime! Don’t try this at home!
  3. Why are these skiddie toolz important? Only pentesters use meterpreter; script kiddies use RATs. Not just "1337 |-|4x0r5" use RATs! Know your enemy: malware incident response, forensic investigation.
  4. Typical RAT scenario
  5. 1998
  6. DEF CON 6 on August 1, 1998
  7. Dictionary to skiddie language (skiddie world → average world): server → client malware on the victim; client → server code @ skiddie; FUD → Fully UnDetectable; cryptor → some lame packer; private/elite/gold version → full version (not demo).
  8. Tutorialz for script bunniez. How to fail at OPSEC? https://www.youtube.com/results?search_query=setup+rat+tutorial and http://www.youtube.com/watch?v=NkkqPLVscC4
  9. #opsecfail
  10. #opsecfail
  11. #opsecfail
  12. #opsecfail
  13. #opsecfail
  14. The skiddie’s YouTube list on Cyber Threat Task Force (Google cache only)
  15. But a script kitty’s life is not just about work, but FUN as well!
  16. Fun manager - Fun menu
  17. Extra fun
  18. Fun feature 3
  19. Fun feature 4 – Matrix chat
  20. Fun feature 5
  21. Ultimate fun …
  22. Ultimate fun feature 6 - Piano
  23. Hacking Internet Explorer
  24. Scary features
  25. Scary feature 1: DLL inject into iexplore.exe. Proxy aware; transparent proxy authentication; local software firewall bypass; no new process running.
  26. Scary feature 2 – Melt/uninstall. Melt: the server deletes the dropper, but does not wipe it, so forensic restoration is possible. Uninstall: the server deletes the persistence file, but does not wipe it, so forensic restoration is possible.
  27. Scary feature - Alternate data stream
  28. Scary feature 3 - Anti AV
  29. Scary feature 4 – Anti VM, Anti sandbox
  30. Private/elite version. Downloading and running binaries from people like this is a bad idea! hxxp://www.theatregelap.com/2012/06/xtreme rat-v-36-private.html
  31. JRAT: multiplatform; evades some software firewalls (java.exe is allowed); easier to obfuscate. Screenshots © Symantec.
  32. AndroRAT (© VRT Snort blog)
  33. Cryptor
  34. High profile attacks
  35. High profile attacks
