Techniques for Hiding and Detecting Traces aka. Crouching Admin, Hidden Hacker

More info on http://techdays.be.

  • Show service GOOD.exe -> Reboot Client; [SRV] Account rename; Firewall (Not) Monitoring; Registry Monitor; Client should be already booted; Reboot Server for PSPY.dll
  • [20]
  • [CLIENT] Offline: Rename GOOD to BAD
  • [CLIENT] Utilman – rename; sfc /verifyonly; [SRV] Pspy – load
  • After utilman.exe -> Get.cmd -> Change the identity store
  • [30]
  • Procmon – PWNED by the Cat -> What/Why?
  • Procexp -> lsass.exe -> loaded
  • Network Miner; Network Monitor; Logman start –ets | -o .etl –p <TRACE>; Logman stop –ets; Tracerpt .etl –o .txt
  • [40 - 45]
  • 1. Debugger running -> PIPE=Debug!
  • Debugger running -> PIPE=W7!; Start W7-CLI -> Kernel debugging; WEB -> W7 audiodg.exe, notepad.exe; Symbol Type Viewer
  • Mimi online
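The speaker notes above sketch a demo in which a service binary (GOOD.exe) is swapped for another file, utilman.exe is replaced, a DLL (PSPY.dll) is loaded into lsass.exe after a server reboot, and the traces are then hunted with sfc /verifyonly, Procmon/Procexp and an ETW capture via logman/tracerpt. The script below is an added example written for this page, not code from the slides or from CQURE: it runs the detection side of that demo from an elevated 64-bit PowerShell 5.1 prompt on Windows 8.1/10 or later (assumed, so that Get-AuthenticodeSignature also honours catalog signatures). That PSPY.dll is an LSA notification package is my reading of the notes, not something the slides state; the provider name and session name used for the ETW capture are likewise assumptions.

```powershell
# Added example, not part of the slides: checks for the traces the demo leaves behind
# (replaced utilman.exe, renamed service binary, extra DLL in lsass.exe) plus the
# logman/tracerpt capture from the speaker notes. Run elevated, 64-bit PowerShell 5.1+.

function Get-BinarySignatureReport {
    # Signature status for a set of executables. Microsoft system files are
    # catalog-signed, so a replaced or hand-edited copy shows up as NotSigned or
    # HashMismatch, the same defect that sfc /verifyonly reports against WinSxS.
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in ($Path | Sort-Object -Unique)) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $sig = Get-AuthenticodeSignature -LiteralPath $p
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        [pscustomobject]@{
            Path    = $p
            Status  = $sig.Status
            Signer  = $subject
            # Triage flag only: a non-Microsoft signer is normal for third-party services.
            Suspect = ($sig.Status -ne 'Valid') -or ($subject -notmatch 'O=Microsoft Corporation')
        }
    }
}

function Get-ServiceImagePath {
    # Win32_Service.PathName carries quotes and arguments; keep the .exe only.
    Get-CimInstance Win32_Service | ForEach-Object {
        if ($_.PathName -match '^\s*"?([^"]+?\.exe)') {
            [Environment]::ExpandEnvironmentVariables($Matches[1])
        }
    }
}

function Get-LsaNotificationPackages {
    # DLLs listed here are loaded by lsass.exe at boot. The notes reboot the server so
    # PSPY.dll gets loaded and then show it in Procexp; treating it as such a package
    # is an assumption. 'scecli' is the stock entry; 'rassfm' appears on domain controllers.
    param([string[]]$Baseline = @('scecli', 'rassfm'))
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    foreach ($pkg in @($lsa.'Notification Packages')) {
        [pscustomobject]@{ Package = $pkg; Unexpected = ($Baseline -notcontains $pkg) }
    }
}

function Get-LsassModuleReport {
    # Script equivalent of Procexp -> lsass.exe -> DLLs: list modules not signed by Microsoft.
    $lsass = Get-Process -Name lsass -ErrorAction Stop
    Get-BinarySignatureReport -Path ($lsass.Modules | ForEach-Object FileName) |
        Where-Object Suspect
}

function Invoke-EtwCapture {
    # The logman/tracerpt sequence from the notes: start a real-time session, wait,
    # stop it, render the .etl as CSV text. Provider and session name are assumptions;
    # 'logman query providers' lists what the machine offers.
    param([string]$Provider = 'Microsoft-Windows-Kernel-Process',
          [int]$Seconds = 30,
          [string]$OutFile = (Join-Path $env:TEMP 'hidden-hacker.etl'))
    logman start HiddenHacker -p $Provider -o $OutFile -ets | Out-Null
    Start-Sleep -Seconds $Seconds
    logman stop HiddenHacker -ets | Out-Null
    $txt = [IO.Path]::ChangeExtension($OutFile, '.txt')
    tracerpt $OutFile -o $txt -of CSV | Out-Null
    return $txt
}

# Usage: accessibility binaries reachable from the logon screen, plus every service image.
$accessibility = 'utilman.exe', 'sethc.exe', 'osk.exe', 'narrator.exe', 'magnify.exe' |
    ForEach-Object { Join-Path $env:SystemRoot "System32\$_" }
Get-BinarySignatureReport -Path ($accessibility + (Get-ServiceImagePath)) |
    Where-Object Suspect | Format-Table Path, Status, Signer -AutoSize
Get-LsaNotificationPackages | Where-Object Unexpected
Get-LsassModuleReport | Format-Table Path, Status -AutoSize
```

The Suspect flag is a triage signal, not proof: third-party services legitimately carry non-Microsoft signatures, and an attacker who keeps the original filename but restores a signed copy later leaves nothing for the signature check to find. That is why the notes pair the file checks with an ETW capture taken while the activity happens; the kernel-process provider records image loads and process starts that a cleaned-up filesystem no longer shows.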

    1. Crouching Admin, Hidden Hacker. Paula Januszkiewicz, CQURE: CEO, Penetration Tester; iDesign: Security Architect
    2. Contact: Paula Januszkiewicz, CQURE: CEO, Penetration Tester; iDesign: Security Architect. paula@cqure.pl | paula@idesign.net, http://idesign.net
    3. Session Goals: Be familiar with the possibilities of the operating system
    4. Agenda
    5. Operating System Accountability
    6. Agenda
    7. Operating System Logging Mechanisms (http://www.clearci.com)
    8. Logs: Less & More Advanced
    9. Hacker's Delivery
    10. Services & ACLs (demo)
    11. Replacing Files
    12. "Vulnerabilities" (demo)
    13. Launching Evil Code
    14. http://stderr.pl/cqure/stuxnet.zip
    15. Services (In)Security
    16. From A to Z: DLLs
    17. Kernel Traces
    18. Areas of Focus
    19. Agenda
    20. Dirty Games: Hiding Mechanisms
    21. Hidden Processes
    22. Dirty Games: Protection Mechanisms
    23. Protected Processes
    24. Dirty Games: Hooks
    25. Hooking
    26. 3 of 10 Immutable Laws of Security
    27. Agenda
    28. Summary
