Lab3/Lab3steps.docx
Scenario:
The university has caught a malware operator on campus and found a domain generating algorithm (DGA) on the campus-owned computer which this person was using. The campus has asked you to figure out how it works so that they can potentially use the command and control server for research like that described in the attached pdf (attached in folder).
The file you will need to figure out is attached in the folder (it is written in the C programming language and is not itself malware).
One way to find out how something works is to use IDA in Kali Linux; information about Kali can be found at kali.org. Some basics about IDA can be found here: http://securityxploded.com/reversing-basics-ida-pro.php (Links to an external site.). These resources will not be sufficient to get you all the way through the lab, because they were not designed as a step-by-step walkthrough of it; you will need to combine the knowledge from these resources and others that you find to complete the lab.
I attached the exe file. You have to unzip it. The exe file has to be run from the command line (in a SAFE environment, i.e. a virtual machine).
When reverse engineering the exe file, you should be looking at the _dga/dga function. You can use IDA Pro. (The .exe file is attached in folder.)
For this lab, you will need to find out what you can from the attached files, following the lab report format outlined: abstract, discussion, and conclusion. Take a lot of screenshots.
Steps I’ve done:
1- I used the command prompt to check the file using the sigcheck tool
2- I checked on virustotal.com to see if it’s known
3- I used HxD to check the file’s hexadecimal content and header and found “MZ”
4- I checked the file properties and information
5- I checked the file’s strings to see the codes and tried to recognize some of them
6- I took a snapshot of the registry
7- I executed cdga.exe and took a second snapshot of the registry
8- I compared the two snapshots and found 193 changes
9- I used Process Monitor to monitor the process.
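The header check, string extraction and registry snapshot comparison from the steps above, written out as a small static-triage script. This is an added example, not code from the lab or from cdga.exe: the PE-shaped sample bytes, the strings embedded in it and the snapshot dictionaries are all constructed here, and the `_dga` string is only included because the lab names that function.

```python
"""Static triage of a Windows executable: step 3 (the 'MZ' header),
step 5 (strings), and steps 6 to 8 (diff of two registry snapshots).
All input below is constructed sample data, not the lab's cdga.exe."""
import hashlib
import re
import struct

MACHINES = {0x14C: "x86", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}
DOMAIN_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", re.I)


def build_sample() -> bytes:
    """Constructed PE-shaped blob: DOS header, DOS stub, PE signature,
    COFF header and a few embedded strings. Hypothetical, not the lab file."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 60, 0x80)  # e_lfanew: PE header lives at 0x80
    stub = b"This program cannot be run in DOS mode.\r\n$"
    pad = b"\x00" * (0x80 - len(dos) - len(stub))
    # COFF: machine=i386, 1 section, timestamp, symtab ptr, nsyms, opt hdr size, flags
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    tail = (b"\x00" * 16 + b"_dga\x00" + b"\x00" * 4 + b"example.com\x00"
            + b"\xff\x01\x02" + b"kernel32.dll\x00")
    return bytes(dos) + stub + pad + b"PE\x00\x00" + coff + tail


def check_headers(data: bytes) -> dict:
    """Step 3: confirm the 'MZ' DOS signature, follow e_lfanew to the
    'PE\\0\\0' signature, and read the target machine and section count."""
    info = {"is_mz": False, "is_pe": False, "machine": None, "sections": None}
    if len(data) < 64 or data[:2] != b"MZ":
        return info
    info["is_mz"] = True
    e_lfanew = struct.unpack_from("<I", data, 60)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return info  # 'MZ' but no PE header: plain DOS program or a truncated file
    info["is_pe"] = True
    machine, nsections = struct.unpack_from("<HH", data, e_lfanew + 4)
    info["machine"] = MACHINES.get(machine, hex(machine))
    info["sections"] = nsections
    return info


def file_hashes(data: bytes) -> dict:
    """Hashes to look up on VirusTotal (step 2) without uploading the sample."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Step 5: printable ASCII runs of at least min_len bytes, like `strings`."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def interesting_strings(strings: list) -> list:
    """Flag strings worth a second look: domain-like names (a hard-coded
    C2 or DGA seed domain), imported DLL names, and anything mentioning dga."""
    return [s for s in strings
            if DOMAIN_RE.match(s) or s.lower().endswith(".dll") or "dga" in s.lower()]


def diff_snapshots(before: dict, after: dict) -> dict:
    """Steps 6 to 8: compare two registry snapshots given as {key\\value: data}."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(k for k in set(before) & set(after) if before[k] != after[k]),
    }


if __name__ == "__main__":
    sample = build_sample()
    print(check_headers(sample))
    print(file_hashes(sample)["sha256"])
    print(interesting_strings(extract_strings(sample)))
    # Constructed snapshots: one value changed, one removed, one added.
    snap1 = {r"HKCU\Software\Example\Seed": "1", r"HKCU\Software\Example\Old": "0"}
    snap2 = {r"HKCU\Software\Example\Seed": "2", r"HKCU\Software\Example\New": "x"}
    print(diff_snapshots(snap1, snap2))
```

On a real sample the same functions run over `open(path, "rb").read()`; the hashes let you query VirusTotal by hash rather than uploading a file the campus may not want shared.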
Lab3/MohammedLab/CFFexplorer.JPG
Lab3/MohammedLab/CFFexplorer1.JPG
Lab3/MohammedLab/CFFexplorer2.JPG
Lab3/MohammedLab/hxd1.JPG
Lab3/MohammedLab/hxd2.JPG
Lab3/MohammedLab/processmonitor1.JPG
Lab3/MohammedLab/regshot1.JPG
Lab3/MohammedLab/regshot2.JPG
Lab3/MohammedLab/searchinvirustotal.JPG
Lab3/MohammedLab/searchinvirustotal1.JPG
Lab3/MohammedLab/searchinvirustotal2.JPG
Lab3/MohammedLab/Sigcheck1.JPG
Lab3/MohammedLab/strings1.JPG
Lab3/MohammedLab/strings2.JPG
Lab3/ShahadLab/1.JPG
Lab3/ShahadLab/10.JPG
Lab3/ShahadLab/11.JPG
Lab3/ShahadLab/12.JPG
Lab3/ShahadLab/13.JPG
Lab3/ShahadLab/2.JPG
Lab3/ShahadLab/3.JPG
Lab3/ShahadLab/4.JPG
Lab3/ShahadLab/5.JPG
Lab3/ShahadLab/6.JPG
Lab3/ShahadLab/7.JPG
Lab3/ShahadLab/8.JPG
Lab3/ShahadLab/9.JPG