🦹
CYBERSECURITY BOOK
  • 👽CS && PEN-TESTING BOOK
    • 🔍Reconnaissance
      • 🈴Passive Recon
        • M365/Azure Tenant Recon
          • MSFTRecon
        • 🕵️OSINT
          • Data Breach and Leaks Resources
          • OSINT Tools and Resources
          • Shodan
          • Creepy
          • The US Army manual ATP 2-22.9
          • NATO OSINT manual
          • Twitter Geolocation
          • Geotagging: GeoSocial Footprint
          • Bitcoin Address Lookup
          • Google Docs OSINT
          • Monitoring Tools
          • TOR Onion Links
          • Phone Numbers
          • Mitaka - In-Browser Tool
          • Russian Target
          • FTP Servers
          • War Related
        • 🎟️ADINT
          • Surveillance
        • 🗺️GEOINT
          • Methodology
          • SunCalc - Geospatial OSINT using shadows
        • ☢️SIGINT
          • Methodology
          • Wifi
            • Kismet
        • ⛓️DNS Recon and Route Mapping
        • 👨‍💼Obtain User Information
        • 🕸️Web Recon
        • 🕷️Scraping Crypto Addresses
        • File Sharing Services
      • ☢️Active Recon
        • 🐹Stealth Scanning Strategies
        • 🏭Identify Network Infrastructure
        • 💻Host Enumeration
        • ⛷️Sparta
        • 🧩Fuzzing
          • ❄️Wfuzz
          • Fuzzing Applications
          • Linux Kernel Fuzzing
          • Fuzzing Chrome V8 Engine
      • ☦️Doxing
        • Doxing Anyone
        • Gmail Address
      • 🎥Surveillance
        • Location Tracking Techniques
    • 🔢Enumeration
      • 🔅Protocols and Ports
        • 21 - FTP
        • 22 - SSH
        • 23 - Telnet
        • 25, 465 - SMTP
        • 110, 143 - POP3, IMAP4
        • 1521 - Oracle DB Server
        • 3306 - Mysql
        • 2375 - Docker
        • 8080, 50000 - Jenkins
        • 80, 443 - HTTP, HTTPS
        • 3389 - RDP
        • 5900 - VNC
        • 445 - SMB
        • 161 UDP - SNMP
        • 11211 - Memcached
        • 2049 - NFS
      • 🐧Linux - POST
      • 🪟Windows - POST
      • 🕸️Web Apps
        • Directory Enumeration
        • Identify Virtual Websites
    • ☮️Public Exploits
      • Look for Public Exploits
      • Metasploit
    • 🕎Vulnerability Scanning
      • ⚛️Nuclei
      • ⛵Tsunami Security Scanner
      • Hunting and Exploiting Vulnerable Windows Drivers
    • 🕳️Tunneling & Exfiltration
      • SSH Tunneling
      • ICMP Exfiltration
      • DNS Exfiltration
      • DNS Tunneling
      • TCP/UDP Tunneling
      • CloudFlare Tunnel
      • SOCKS
      • Ngrok - Port Forwarding
      • CURL - Exfiltration
      • Rclone - Data Exfiltration
      • Data Bouncing - External Data Exfiltration
    • Backdoors
      • Asymmetric Backdoor
    • 🎣Pivoting (Post Exploitation)
      • Using Metasploit
      • SOCKS, SSH - Pivoting
      • Remote Port Forwarding
      • Tool - Chisel
      • Chisel - Double Pivoting
      • Bypassing Firewall with Forward Relays
      • Reverse Relays - Metasploit
      • Pivoting using Ligolo-Ng
    • 🎯Active Directory Pentesting
      • 🔑Crendentials
        • Group Policy Preferences
        • LLMNR Poisoning
        • LDAP (Post)
        • Brute Force
        • LAPS Toolkit
        • PFX File
      • 🐕‍🦺Kerberos Attacks
        • ASREProast
        • Kerberoast
        • Pass the Certificate
      • 🏁AD Post Exploitation
        • Active Directory Post Exploitation
      • ℹ️Introduction to Identities
      • 🔧Testing Active Directory
      • 🎓Advanced Penetration Testing
      • 🔧Automated Tools
        • ADCS Exploitation Tool
        • BadSuccessor – Full Active Directory Compromise
      • Hacking Active Directory Environment
        • 🕵️Enumeration
        • 🦸Exploitation
        • 🚪Privilege Escalation
      • Windows and Active Directory Attacks
        • Shared Local Administrator Password
        • NTLM/SMB Relay
    • 🐳Docker
      • Docker Container
      • Expose Docker Remotely
    • ☸️Kubernetes
      • Basic Commands
    • 🙅‍♂️Social Engineering
      • 🗺️Location Phishing
      • 🧘‍♂️0-Click Email Attack
      • 🐧Binary Linux Trojan
      • 📧Phishing Mail
      • 📁Malicious File
      • ♉Malicious USB Drive
      • 📩Spear-Phishing Methods (VIP)
      • 🧑‍💼Insider Attack
      • Wifi Phishing - Wifiphisher
      • 🔐MFA Bypass
      • Link Attacks
      • 📋Clipboard Hijacking (Post)
      • Copy-Paste Spoofing
    • 🗺️CEH Mindmaps
      • ℹ️Recon and Information Gathering
        • Lab 1: Perform Footprinting Through Search Engines
          • Task 1: Gather Information using Advanced Google Hacking Techniques
          • Task 2: Gather Information from Video Search Engines
          • Task 3: Gather Information from FTP Search Engines
          • Task 4: Gather Information from IoT Search Engines
        • Lab 2: Perform Footprinting Through Web Services
          • Task 1: Find the Company's Domains and Sub-domains using Netcraft
          • Task 2: Gather Personal Information using PeekYou Online People Search Service
          • Task 3: Gather an Email List using theHarvester
          • Task 4: Gather Information using Deep and Dark Web Searching
          • Task 5: Determine Target OS Through Passive Footprinting
        • Lab 3: Perform Footprinting Through Social Networking Sites
          • Task 1: Gather Employee's Information from LinkedIn using theHarvester
          • Task 2: Gather Personal Information from Various Social Networking Sites using Sherlock
          • Task3: Gather Information using Followerwonk
        • Lab 4: Perform Website Footprinting
          • Task 1: Gather Information About a Target Website using Ping Command Line Utility
          • Task 2: Gather Information About a Target Website using Photon
          • Task 3: Gather Information About a Target Website using Central Ops
          • Task 4: Extract a Company's Data using Web Data Extractor
          • Task 5: Mirror a Target Website using HTTrack Web Site Copier
          • Task 6: Gather Information About a Target Website using GRecon
          • Task 7: Gather a Wordlist from the Target Website using CeWL
        • Lab 5: Perform Email Footprinting
          • Task 1: Gather Information about a Target by Tracing Emails using eMailTrackerPro
        • Lab 6: Perform Whois Footprinting
          • Task 1: Perform Whois Lookup using DomainTools
        • Lab 7: Perform DNS Footprinting
          • Task 1: Gather DNS Information using nslookup Command Line Utility and Online
          • Task 2: Perform Reverse DNS Lookup using Reverse IP Domain Check and DNSRecon
          • Task 3: Gather Information of Subdomain and DNS Records using SecurityTrails
        • Lab 8: Perform Network Footprinting
          • Task 1: Locate Network Range
          • Task 2: Perform Network Tracerouting in Windows and Linux Machines
          • Task 3: Perform Advanced Network Route Tracing Using Path Analyzer Pro
        • Lab 9: Perform Footprinting using Various Footprinting Tools
          • Task 1: Footprinting a Target using Recon-ng
          • Task 2: Footprinting a Target using Maltego
          • Task 3: Footprinting a Target using OSRFramework
          • Task 4: Footprinting a Target using FOCA
          • Task 5: Footprinting a Target using BillCipher
          • Task 6: Footprint a Target using OSNIT Framework
      • 🔄Network Scanning
        • Tasks
      • 🔢Enumeration
        • Tasks
      • 👨‍🔧Vulnerability Analysis
        • Tasks
      • 🦸System Hacking
        • Tasks
      • *️Malware Analysis
        • Tasks
      • ❄️Sniffing
        • Tasks
      • 🧑‍🤝‍🧑Social Engineering
        • Tasks
      • 🚫Denial of Service
        • Tasks
      • 🛩️Session Hijacking
        • Tasks
      • 🆔Evading IDS, Firewalls, and Honeypots
        • Tasks
      • 🖥️Web Server Hacking
        • Tasks
      • 🕸️Web Application Hacking
        • Tasks
      • 💉SQL Injection
        • Tasks
      • 👁️‍🗨️Wireless Network Hacking
        • Tasks
      • 📱Mobile Hacking
        • Tasks
      • 👨‍🔬IoT and OT Hacking
        • Tasks
      • ☁️Cloud Computing
        • Tasks
      • 🔏Cryptography
        • Tasks
    • 🗾CND Mindmaps
    • 👿Vulnerability Research
      • 👨‍💻Code Review
    • 📶Network Security
      • 🦝Installing and Configuring Network Based IDS In Ubuntu: Suricata
      • 🏛️OpenSSL
      • 👩‍🚒Active Directory
        • LAPS
    • 🛂Port Forwarding
      • 🐧Linux
      • 🪟Windows
      • 🔄Router
    • 👾API Testing
      • Reverse Engineering
        • Reverse Engineer an API using MITMWEB and POSTMAN
      • API Hacking Basics
        • Practicals
      • 🕵️‍♂️API Recon
      • 📄API Documentation
        • ⚗️Lab: Exploiting an API endpoint using documentation
      • 👨‍🎤Identifying and Interacting with API Endpoint
        • ⚗️Lab: Finding and exploiting an unused API endpoint
      • 🦮Finding Hidden Parameters
      • 🍷Mass assignment vulnerabilities
        • ⚗️Lab: Exploiting a mass assignment vulnerability
      • ✅Preventing vulnerabilities in APIs
      • 😷Server-side parameter pollution
      • 🕵️‍♂️Testing for server-side parameter pollution in the query string
        • ⚗️Lab: Exploiting server-side parameter pollution in a query string
      • 🛣️Testing for server-side parameter pollution in REST paths
      • 🚧Testing for server-side parameter pollution in structured data formats
        • ⚗️Lab: Exploiting server-side parameter pollution in a REST URL
      • 👨‍🚀Testing with automated tools
      • 🚨Preventing server-side parameter pollution
    • 🕸️Web App Pentesting Notes
      • 🧰Web App Pentesting Tools
        • Fuzzing: ffuf Tool
        • Nosql Injection: NoSqlMap
        • Kiterunner
        • Burp Suite
      • ❌XSS and XSRF Together
      • 💉NoSQL Injection
        • NoSQL Databases
        • NoSQL syntax injection
        • NoSQL operator injection
        • Exploit Syntax Injection to Extract Data
        • Exploiting NoSQL operator injection to extract data
        • Timing based injection
        • Preventing NoSQL injection
      • 🧙Cross Site Request Forgery
      • 📼Hidden Parameter Discovery
      • 📌SSTI : Server Side Template Injection
        • Lab: Basic server-side template injection
        • Lab: Basic server-side template injection (code context)
        • Lab: Server-side template injection using documentation
        • Lab: Server-side template injection in an unknown language with a documented exploit
        • Lab: Server-side template injection with information disclosure via user-supplied objects
      • 💎JWT Attack
        • Exploiting flawed JWT signature verification
        • Brute-forcing secret keys
        • JWT header parameter injections
        • Prevent JWT attacks
      • 📊GraphQL API Vulnerabilities
        • Exploiting Unsanitized Arguments
        • Discovering Schema Information
          • Lab: Accessing private GraphQL posts
          • Lab: Accidental exposure of private GraphQL fields
        • Bypassing GraphQL introspection defenses
          • Lab: Finding a hidden GraphQL endpoint
        • Bypassing rate limiting using aliases
          • Lab: Bypassing GraphQL brute force protections
        • GraphQL CSRF
          • Lab: Performing CSRF exploits over GraphQL
      • 🔏Authentication Vulnerabilities
      • 🏇Race Conditions
        • Limit overrun race conditions
        • Multi Endpoint Race Conditions
        • Single Endpoint Race Conditions
        • Time Sensitive Attacks
      • 🧠LLM Attacks
        • Exploiting LLM APIs, functions, and plugins
        • Indirect Prompt Injection
      • ☸️Host Header Attacks
        • Testing for Vulnerability
        • Password Reset Poisoning
        • Web Cache Poisoning
        • Accessing Restricted Functionality
    • 🛩️Wireless Hacking
      • Zigbee Attacks
      • Wifi Attacks
        • Hack WPA2 Networks
        • Automated: Wifite
      • Bluetooth Attacks
        • BlueDucky Script
      • RFID Attacks
    • 🏁CEH Engage Walkthroughs
      • 1️⃣CEH Engage Part 1
      • 2️⃣CEH Engage Part 2
      • 3️⃣CEH Engage Part 3
      • 4️⃣CEH Engage Part 4
    • 🎃Evasion
      • OWASP-ZSC
      • AMSI Bypass
      • Windows Evasion
      • Windows Defender Application Control (WDAC): Killing EDR
      • InvisibilityCloak - C# Obfuscation Toolkit
    • 🚪Post exploitation
      • 🛬Living Off The Land Tools
      • 🥝Mimikatz
      • 🐧Privilege escalation: Linux
      • 🪟Privilege escalation: Windows
      • 👾PAC Tempering
      • Amnesiac - EDR Bypass
      • GraphRunner: A Post-Exploitation Toolset for Microsoft 365
    • 🔓Hashing & Password Cracking
      • Hashing
      • Custom Wordlist
      • Hydra
      • John
      • Windows - Local Password Cracking
      • Password Cracking using Rules
    • 📒Hacking Cheat Sheets
      • 🔍Recon Cheatsheet
      • 🔢Enumeration Cheatsheet
      • 🐚Shells and Reverse Shells Cheat Sheet
      • 🐮Meterpreter Cheat Sheet
      • ☄️Powershell Commands Cheat Sheet
      • 💉Command Injection Cheat Sheet
      • 🪡SQL Injection Cheat Sheet
      • 🐮Metasploit Cheat Sheet
      • 🧰Ethical Hacking Tools
      • 🐧Linux Hacking Basics
      • 🔺MSFVenom
    • 🏇CEH Practical
      • CEH Practical Tools
      • 🔍Network Scanning
      • 🐕‍🦺Service Enumeration
      • 🖊️Stegnography
      • 🔓Cryptography
      • 🕸️Web and Android Hacking
      • 🚪Privilege Escalation
      • 🦄Malware Threats
    • ☁️Cloud Pentesting
      • ✏️AWS Pentesting
        • 🌆AWS Environments
          • Identity and Access Management
          • Identity Based Policies
          • Resource Based Policy
          • Untitled
        • 🧰Tools
          • AWS CLI
          • Pacu
          • Prowler
          • Cloudsplaining
        • Attacks & Methodology
          • 👨‍🔬Exploiting AWS Misconfigurations
          • AWS Pentest Methodology
        • Initial Access
          • Public Access
          • Leaked Secrets
          • Phishing
          • Resource Exploitation
        • Post-Compromise Recon
          • AWS Command Line
          • Resource Enumeration
          • IAM Policy Enumeration
          • Identifying Public Resources
        • S3 Buckets
          • S3 Bucket Misconfiguration
      • 🅰️Azure Pentesting
        • Azure Attack Matrix
        • Stealing Access Tokens
        • Lateral Movement - Skeleton Key Attack
    • 🪟Windows Security
      • 🕵️‍♂️Recon
        • Host Discovery
        • SMB
        • MSSQL
        • IIS
      • 🦹Exploitation
        • CMD Commands
      • 🚪Post Exploitation
        • Dump Password Hashes
        • Mimikatz
      • 🦕Persistence (Post)
        • User Accounts, Hash Cracking, RID Hijacking
        • Backdoors
        • Services
        • Scheduled Tasks
        • Windows Startup
    • 🐧Linux Security
      • 🏋️‍♂️Privilege Escalation
        • 1️⃣1⃣ 1⃣ Exploiting Setuid Programs
        • 2️⃣2⃣ 2⃣ Cron Jobs
        • 3️⃣3⃣ 3⃣ Permissions
        • 4️⃣4⃣ 4⃣ Logs
        • 5️⃣5⃣ 5⃣ Restricted Shell
      • Persistence
        • D3m0n1z3dShell
    • 🍎MacOS Security
      • Endpoint Security
        • eslogger
      • Gaining Access
        • Setup and weaponize Mythic C2 using DarwinOps to target MacOS
    • 📱Android Security
      • Android Pentesting Notes
      • Android Application Pentesting Part 1
        • Static Analysis
        • Dynamic Analysis
      • Android Application Pentesting Part 2
        • Aspects of Android Security
        • Static Application Testing
        • Dynamic Application Testing - Part 1
        • Platform Interaction Testing
        • Dynamic Application Testing - Part 2
        • OWASP Top 10
      • Mobile Application Pentesting Part 3
        • Mobile Security Controls
        • Dynamic Analysis
        • Static Code Analysis
        • Insecure Data Storage
        • Runtime Security
    • 🍎iOS Security
      • iOS Application Analysis
    • 🧾Scripting
      • 💎Ruby
        • Basics
        • Object Types
      • 🐍Python
        • Web Scrapping Scripts
      • 🐧Bash
      • 🐪Perl
      • 🐘PHP
    • 🐉Reverse Engineering & Malware Analysis
      • RE Preparation
        • RE Process
        • Malware Analysis Tools
        • Malware Components: Windows
      • Shellcode Analysis
        • Automated Extraction
      • 1️⃣Disassembly and Disassembler
      • 2️⃣Binary Analysis
      • 🐧Linux ELF Format
      • ♎Yara Guide
      • 📱Android Reverse Engineering
        • Spyware Reverse Engineering
      • 📲Mobile Applications
        • Flutter Mobile Apps
    • 🌠Protocol Exploitation
      • ARP
      • DNS
      • VoIP
    • 🛜Network Pentesting
      • SNMP - Authentification
    • 👮Digital Forensics & Incident Response
      • 📩Email Forensics
        • Callback Phishing
        • Business Email Compromise Investigations
          • Investigating using Hawk
          • Microsoft Defender Explorer
      • 💸Ransomware Forensics
        • Decrypting Intermittent Encryption
      • 💱Blockchain Forensics
        • 🍾Frontrunning/Sandwich Bot Finder
      • 📝Memory Forensics
        • Process
        • Memory Analysis - Volatility3
      • ☄️Network Forensics
        • Pcap Analysis
      • 🪟Windows Forensics
        • NTDS Secret Extraction
        • Detecting Hidden Processes
        • Analyzing Prefetch Files
        • Windows MFT Parsing
        • USN Journal Forensics
      • 📼Media Forensics
        • Rubber Ducky Analysis
        • RDP Bitmap Cache
        • USB Event Tracking
      • 🧙Forensic Imaging
        • Image Analysis: Autopsy
      • 🪅Data Collection
        • 🪟Windows
        • 🐧Unix/Linux
      • 🔏Privacy Research
        • Deanonymization - TOR Hidden Services
        • Deanonymization - Flash Code
        • Dark Web - OSINT
        • Dark Web Investigation
      • 🕸️Web Investigations
        • Investigating Favicon Hashes
      • 🏴‍☠️Threat Detection
        • Reading Clipboard Data via Powershell
        • Detection of Windows Defender Tampering via Powershell
        • Detection of Remote Template Injection
    • 🦋Cisco Attacks
      • Decrypting Type 5 Cisco Passwords
    • 🐼CVE's
      • libssh 0.8.1 - CVE 2018-10933
      • proftpd-1.3.3c-backdoor
      • zerologon - CVE-2020-1472
      • Apache Ghostcat - CVE 2020-1938
      • Spring Authorization Bypass - CVE 2024-38821
      • Apache Solr - CVE-2024-45216
      • Bypassing Mark of the Web with 7zip CVE-2025-0411
      • CVE-2025-24054, NTLM Exploit in the Wild
    • 🐛OWASP TOP 10
      • LLM
        • OWASP Top 10 for LLM Applications
      • Machine Learning
        • OWASP Machine Learning Security Top Ten
      • 🕸️WEB
        • 1️⃣A01:2021 – Broken Access Control
        • 2️⃣A02:2021 – Cryptographic Failures
        • 3️⃣A03:2021 – Injection
        • 4️⃣A04:2021 – Insecure Design
        • 5️⃣A05:2021 – Security Misconfiguration
        • 6️⃣A06:2021 – Vulnerable and Outdated Components
        • 7️⃣A07:2021 – Identification and Authentication Failures
        • 8️⃣A08:2021 – Software and Data Integrity Failures
        • 9️⃣A09:2021 – Security Logging and Monitoring Failures
        • 🔟A10:2021 – Server-Side Request Forgery (SSRF)
      • 🦄API
      • 🌆IoT
      • 📱MOBILE
    • 🛼Web 3 Vulnerabilities
      • Fuzzing Ethereum Smart Contract
      • Static Analysis using Slither
      • Solidity Audit using Mythril
      • 🎆Reentrancy Vulnerabilities
      • 🥪Sandwich Attacks
      • 🌇Integer Attacks
      • 🚂Authorization Issues
      • 🌉Bad Randomness
    • 🛩️Web 3 Smart Contract
      • ⛎Blockchain Hacking (Python)
        • 🌆Smart Contract Template
        • 🎆Interact with ERC20 Tokens
        • 📲Interact with Wallets
        • 🍷Reverse Engineering Bytecode
        • ✒️Sign Transactions
        • 🪢Smart Contract Interactions
        • 🧜‍♀️Subscribing to Events
        • 🟤Brownie Interactions
        • 👾Exploit PoC
    • 🌃Smart Contract Audits
      • 🐸Thunder Loan Audit
        • 1️⃣Initial Review
    • 👩‍💼GRC Frameworks
      • NIST 800-39
      • SOC 2
      • HIPAA
      • PCI-DSS
      • NIST CSF
      • FedRAMP
      • CSA STAR
      • SOX
      • GDPR
      • ISO 27001
  • 🦹REAL WORLD && CTF
    • ⚛️Scripts and Systems
      • R: Code Execution
      • Python2 Input Vulnerability
  • 🦸MISCELLANEOUS
    • Decrypt SSL Traffic
    • 🏦OpenSSL Commands
    • 🔒GPG
    • 🔐SSH Commands
    • OWASP BWAPP Setup
    • Commando VM Setup
    • Living Off The Land Applications
    • 🐧Develop Your Own Linux Distro
    • 🐱GitHub Commands
      • 📔Cheatsheet
  • 🧛‍♂️ADVANCED PERSISTENT THREATS - RESEARCH
    • Reconnaissance
    • Resource Development
    • Initial Compromise
    • Execution
    • Establish persistence
    • Escalate privileges
    • Defense Evasion
    • Credential Access
    • Discovery
    • Lateral movement
    • Collection
    • Command and Control
    • Data exfiltration
    • Impact
  • 👾THREAT HUNTING - RESEARCH
    • MacOS
    • Azure Sentinel
    • Network Data
      • Network Data Sources
      • Network Threat Hunting Too
      • Hunting the Undetected
      • Protocols
      • Network Threat Hunts
    • Active Directory
      • Introduction
      • Threat Hunting
      • Threat Hunting in Active Directory
    • Data Collection
      • Internal Data
      • External Data
        • Private Data Sources
        • Community Data Sources
        • Public Data Sources
      • OSINT
    • Data Management and Processing
      • Data Processing
      • Common CTI Standards
      • Storage and Integration
      • Threat Intelligence Platforms
    • Analysis
      • Introduction
      • Analysis of Competing Hypothesis
      • Cyber Kill Chain and Diamond Model
      • Cyber Kill Chain and Courses of Action
    • Campaign Analysis
      • Introduction
      • Heatmap Analysis
      • Visual Analysis
      • MITRE Threat Group Tracker
      • Threat Intelligence Naming Conventions
    • Attribution
      • Introduction
      • Cognitive Biases
      • Logical Fallacies
      • Manage Biases
      • Nation-State Attribution
    • Dissemination and Sharing
      • Introduction
      • Tactical Intelligence
      • Operational Intelligence
      • Strategic Intelligence
  • 🦅CISA - INCIDENT RESPONSE PLAYBOOK
    • Overview
Powered by GitBook
On this page
  • Gain Access using Trojans
  • njRAT RAT Trojan
  • Hide Trojan
  • Theef RAT Trojan
  • Infect the Target System using a Virus
  • JPS Virus Maker Tool
  • Static Malware Analysis
  • Malware Scanning
  • Strings Search
  • Identify Packaging and Obfuscation Methods
  • Analyze ELF Executable File
  • Find the Portable Executable Information
  • Identify File Dependencies
  • Perform Malware Disassembly
  • Dynamic Malware Analysis
  • Port Monitoring
  • Process Monitoring
  • Registry Monitoring
  • Windows Services Monitoring
  • Startup Program Monitoring
  • Installation Monitoring
  • Files and Folder Monitoring
  • Device Driver Monitoring
  • DNS Monitoring

Was this helpful?

Edit on GitHub
  1. CS && PEN-TESTING BOOK
  2. CEH Mindmaps
  3. Malware Analysis

Tasks

Gain Access using Trojans

njRAT RAT Trojan

Use the Windows 11 machine (10.10.1.11) as the attacker machine and the Windows Server 2022 machine (10.10.1.22) as the victim machine. Run the njRAT Trojan from the attacker machine and gain control over the victim machine. What is the default port used for njRAT?

5552

Use the Windows 11 machine (10.10.1.11) as the attacker machine and the Windows Server 2022 machine (10.10.1.22) as the victim machine. Enter the Host Name of the victim machine displayed in njRAT Remote Shell.

Server2022

Hide Trojan

SwayzCryptor

On the Windows 11 machine, create a Trojan server using njRAT. Use SwayzCryptor to encrypt the Trojan server file and check if encryption makes the file undetectable to antivirus programs (answer “Yes” if SwayzCryptor makes the Trojan undetectable or “No” otherwise).

Yes

Theef RAT Trojan

Use the Windows 11 machine (10.10.1.11) as the attacker machine and the Windows Server 2022 machine (10.10.1.22) as the victim machine. Create a Trojan server using the Theef RAT Trojan to control the victim machine remotely. Run the Theef server on the victim machine and the Theef client on the attacker machine. The Theef client and server files are available in the directory E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Trojans Types\Remote Access Trojans (RAT)\Theef on the attacker machine. What is the default port used in Theef?

6703

Infect the Target System using a Virus

JPS Virus Maker Tool

In the Windows 11 machine, create a virus using the JPS Virus Maker tool and infect the Windows Server 2019 machine. What is the default custom website used by JPS Virus Maker 4.0?

Static Malware Analysis

Malware Scanning

Analyze malware using online Hybrid Analysis services. What the name of the Analysis Environment that was selected in this task?

Windows 7 64 bit

Analyze malware using online Hybrid Analysis services. Enter the name of the malicious file that was uploaded for analysis in this lab.

tini.exe

Strings Search

BinText

Perform a string search on the file face.exe located at E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Viruses\Klez Virus Live! on the Windows 11 machine. What is the size of the text detected in the file?

4240 bytes

Identify Packaging and Obfuscation Methods

PEid

Analyze the file face.exe located at E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Viruses\Klez Virus Live! on the Windows 11 machine to identify packaging and obfuscation methods. What is the subsystem found in the PEiD analysis for Face.exe?

Win32 GUI

Analyze ELF Executable File

Detect It Easy (DIE)

Detect a file’s compiler, linker, packer, etc. using Detect It Easy (DIE). Enter the name of the operating system that was detected from the ELF file in this task.

Red Hat Linux

Find the Portable Executable Information

PE Explorer

Use PE Explorer to analyze the file face.exe located at E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Viruses\Klez Virus Live! on the Windows 11 machine. What is the address of the entry point for the file face.exe?

00408458h

Identify File Dependencies

Dependency Walker

Use the Dependency Walker tool to analyze the executable snoopy.exe located in the directory E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Viruses\Klez Virus Live! on the Windows 11 machine and identify the file dependencies of the executable file. Apart from KERNEL32.DLL, ADVAPI32.DLL, and WS2_32.DLL, what is the fourth DLL dependency?

MPR.DLL

Perform Malware Disassembly

On the Windows 11 machine, use the IDA tool to analyze the file face.exe located in the directory E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Viruses\Klez Virus Live!. What is the first subroutine function identified by IDA?

sub_401000

Tools

  • IDA

  • OllyDbg

Ghidra

Use Ghidra to perform malware disassembly and find out the compiler ID of face.exe file.

windows

Dynamic Malware Analysis

Port Monitoring

Run njRAT from the attacker machine (Windows 11) and gain control over the victim machine (Windows Server 2022). On the Windows Server 2022 machine, use the TCPView tool to find the connections created by the Trojan. What is the remote port used by the Trojan server?

5552

Tools

  • TCPView

  • CurrPorts

Process Monitoring

Process Monitor

Run njRAT from the attacker machine (Windows 11) and gain control over the victim machine (Windows Server 2022). On the Windows Server 2022 machine, use Process Monitor to detect suspicious processes created by the Trojan server and identify the registry path of the Trojan executable. Flag submission is not required for this task, enter "No flag" as the answer.

No flag

Registry Monitoring

Reg Organizer

Use the registry monitoring tool Reg Organizer to scan the registry values for any changes. Flag submission is not required for this task, enter "No flag" as the answer.

No flag

Windows Services Monitoring

Windows Service Manager (SrvMan)

On the Windows 11 machine, use the Windows Service Manager (SrvMan) tool to check for suspicious windows services. Flag submission is not required for this task, enter "No flag" as the answer.

No flag

Startup Program Monitoring

Tools

  • Autoruns for Windows

  • WinPatrol

On the Windows 11 machine, use Autorun for the Windows and WinPatrol tools to monitor startup programs. Which tab in the WinPatrol tool shows all toolbars and links loaded in the system by IE or other Windows components?

IE Helpers

Installation Monitoring

Mirekusoft Install Monitor

On the Windows 11 machine, use the Mirekusoft Install Monitor tool to detect hidden and background installations. If a person uninstalls any application from the system but fails to delete it from the hard drive, will they be able to view the application in Mirekusoft Install Monitor? (Yes/No)

No

Files and Folder Monitoring

PA File Sight

Install PA File Sight’s central monitoring service on the Windows 11 machine and configure it to monitor file integrity on the Windows Server 2022 remote machine. What is the default port used by the central monitoring service?

8000

Device Driver Monitoring

Tools

  • DriverView

  • Driver Reviver

On the Windows 11 machine, use the tools DriverView and Driver Reviver to monitor device drivers. Flag submission is not required for this task, enter "No flag" as the answer.

No flag

DNS Monitoring

DNSQuerySniffer

On the Windows 11 machine, use DNSQuerySniffer to monitor DNS queries to a DNS server. Flag submission is not required for this task, enter "No flag" as the answer.

No flag

PreviousMalware AnalysisNextSniffing

Last updated 1 year ago

Was this helpful?

👽
🗺️
*️
http://kernel32.irkernel32.ir
Free Automated Malware Analysis Service - powered by Falcon Sandbox
Logo